Rob Joyce on Cybersecurity: What We Know and How We Know It
Rob Joyce, Director of the Cybersecurity Directorate at NSA Cyber, spoke on the Lawfare podcast about the importance of security basics, collaboration, and pushing fixes quickly. This blog summarizes his key takeaways.
"What we know is not nearly as sensitive as how we know it." -@NSA_CSDirector
— SwiftOnSecurity (@SwiftOnSecurity) April 7, 2023
Listening to @lawfarepodcast with Rob Joyce @RGB_Lights, Director of the Cybersecurity Directorate at @NSACyber
— SwiftOnSecurity (@SwiftOnSecurity) April 7, 2023
(Skip to 2:40) https://t.co/Tw1BMOpB6I
Other takeaways after hours of thinking it over (these r not quotes)🧵
— SwiftOnSecurity (@SwiftOnSecurity) April 8, 2023
- Seems impressed with how much Ukraine has been able to harden against cyber attack, it's absolutely possible to action + industry collaboration
- Emphasized importance of security basics as core tenet
- Pushing fixes globally quickly, not keeping exploits, is critical. Will never hold back vulnerabilities for own use when found in collaboration with industry partners asking for security reviews. Play no role in kneecapping security tech they find out about, leave to export regs Q
— SwiftOnSecurity (@SwiftOnSecurity) April 8, 2023
- Surprised by China taking the Exchange exploit and scanning entire internet for it, smash and grab approach
— SwiftOnSecurity (@SwiftOnSecurity) April 8, 2023
- Lots of purely opportunistic exploitation of non-targeted entities by APT groups. You don't need to be a target at all.
- Law firms are soft underbelly of trade secrets
- Big name mega defense firms have become very hardened, it's tens of thousands of subcontractors with pieces of the puzzle getting hit. Supply chain supply chain
— SwiftOnSecurity (@SwiftOnSecurity) April 8, 2023
- NSA provides unique insights due to dual-hatted role
- quant-resist crypto still vulnerable to classic mistakes
These are not direct quotes; if you want a citation you'll need to listen for yourself.
— SwiftOnSecurity (@SwiftOnSecurity) April 8, 2023