For several years I have been honored to be a guest at the annual Forum on Financial Information Systems and Cybersecurity: A Public Policy Perspective organized at the University of Maryland by Larry Gordon, EY Alumni Professor of Managerial Accounting and Information Assurance; Martin Loeb, professor of accounting and information assurance and a Deloitte & […]
Research & Standards
ActiveCyber covers the latest research efforts and open standards affecting active cyber defenses. Learn about the latest developments emerging from government and industry labs – from moving target defenses to biologically-inspired immunity defenses. Find out how the leading thinkers are addressing the challenges of securing the Internet of Things. Keep up-to-date on new standards and open source tools for adaptive security and the cloud, security automation, and intelligence-based defenses. This Spotlight will raise your awareness of the emerging trends that can improve your defenses against the dynamic cyber threat.


In my last article on EO 14028, I mentioned that I thought there were several parallels between what the EO was calling out and some of the concepts and technologies that I discussed in my interviews and articles over the last 6 years. I constructed this crosswalk to reflect these relationships. I also added […]


What Roles Do Provenance and Reputation Play in “Authentic-By-Design” Approaches to Digital Content?
People make decisions every day that involve risk and uncertainty. Generally, we reconcile a variety of decision models using risk criteria often provided by organizational policies and/or guided by a variety of personal belief and trust systems. Many times we are forced to address ambiguous situations in uncertain ways, using uncertain terms and with uncertainty […]

Current Security Trends Reveal Difficulties in Assuring Authenticity
Recently I was thinking about some of the major security challenges and problems of 2020 and going forward into 2021 like the ongoing SolarWinds supply chain mitigation issues; election fraud; the problems around disinformation and deepfakes; false flags in cyberattacks and the difficulties in making accurate attribution; […]

A Plethora of Standards and Guidance for OT / IoT Security
In my research into OT and IoT systems security, I have come across a plethora of guidance and standards from various organizations and standards bodies. To some extent, this wide range of guidance is difficult to get your arms around to figure out what […]

Recently, I was talking with my daughter, the engineer, about testing. She is the lead engineer for payload integration and test for a large NASA space telescope. Our discussion got me to thinking about cyber testing and test metrics. From her space telescope perspective, it is very expensive to conduct tests, with some tests requiring […]

Many years ago I was hosting a series of workshops on a variety of security topics. One of those topics dealt with role-based, attribute-based, and policy-based access control approaches and I was lucky to get Mr. Dave Ferraiolo as one of my presenters for the workshop. Dave has been a long-time evangelist for NIST on […]

Autonomous vehicles (AVs) have been given considerable attention lately, and for good reason, as large tech giants such as Google, Apple, Amazon and of course Tesla have invested hundreds of millions into the development of AVs. More than 60 cities around the globe have driverless car testing programs either ongoing or in preparation, and nearly […]

I have always had a deep appreciation for the skills of a good pentester. However, elite pentesters – those who rule their craft and make magic happen on their keyboards – are generally quite rare. So I was excited when I met one – the subject of this interview – at a recent Dreamport session. […]
