research & standards

Press Release – March 7, 2024
SRI chosen to deliver cyber-psychology-informed network defense technology for IARPA
The innovative program will be centered around the psychology of cyber attackers.
[March 7, 2024]: Menlo Park, CA – SRI announced today that it has been selected by Intelligence Advanced Research Projects Activity (IARPA) to deliver advanced technology for its recently announced Reimagining […]

April 18, 2024
It is evident over the last few years that central national governments are applying tighter controls on the security of software and hardware products – from labels for IoT devices in the US and abroad, to controls over AI research and bans on high risk AI models, to more timely reporting requirements on vulnerabilities, ransomware, […]

For several years I have been honored to be a guest at the annual Forum on Financial Information Systems and Cybersecurity: A Public Policy Perspective organized at the University of Maryland by Larry Gordon, EY Alumni Professor of Managerial Accounting and Information Assurance; Martin Loeb, professor of accounting and information assurance and a Deloitte & […]

People make decisions every day that involve risk and uncertainty. Generally, we reconcile a variety of decision models using risk criteria often provided by organizational policies and/or guided by a variety of personal belief and trust systems. Many times we are forced to address ambiguous situations in uncertain ways, using uncertain terms and with uncertainty […]

Current Security Trends Reveal Difficulties in Assuring Authenticity
Recently I was thinking about some of the major security challenges and problems of 2020 and going forward into 2021 like the ongoing SolarWinds supply chain mitigation issues; election fraud; the problems around disinformation and deepfakes; false flags in cyberattacks and the difficulties in making accurate attribution; […]

A Plethora of Standards and Guidance for OT / IoT Security
In my research into OT and IoT systems security, I have come across a plethora of guidance and standards from various organizations and standards bodies. To some extent, this wide range of guidance is difficult to get your arms around to figure out what […]

Recently, I was talking with my daughter, the engineer, about testing. She is the lead engineer for payload integration and test for a large NASA space telescope. Our discussion got me to thinking about cyber testing and test metrics. From her space telescope perspective, it is very expensive to conduct tests, with some tests requiring […]