James Scott

Every conceivable layer of the election process is completely riddled with vulnerabilities, so yes, hacking elections is easy!

The two main problems with signature and heuristic based anti-virus is the mutating hash and the fact that you first need a victim in order to obtain the signature."James Scott, Senior Fellow, Institute for Critical Infrastructure Technology

A single spear-phishing email carrying a slightly altered malware can bypass multi-million dollar enterprise security solutions if an adversary deceives a cyber-hygienically apathetic employee into opening the attachment or clicking a malicious link and thereby compromising the entire network.

Overall, Cyber Shield Act is an excellent idea and could facilitate a much-needed cultural shift in secure device manufacturing and upkeep.

Few critical infrastructures need to expedite their cyber resiliency as desperately as the health sector, who repeatedly demonstrates lackadaisical cyber hygiene, finagled and Frankensteined networks, virtually unanimous absence of security operations teams and good ol_ boys club bureaucratic board members flexing little more than smoke and mirror, cyber security theatrics as their organizational defense.

If developed and implemented meaningfully, Cyber Shield Act could be a catalyst to incite responsible cybersecurity adoption and implementation throughout multiple manufacturing sectors."James Scott, Senior Fellow, Institute for Critical Infrastructure Technology

The Cyber Shield Act could serve as a secure conduit to facilitate update and patch delivery

Exfiltrated metadata from internet service providers and social media platforms can be plugged into big data analytics and once the right algorithm is applied, can allow an adversary surgically precise psychographic targeting of critical infrastructure executives with elevated privileges. Why is no one talking about this?

We__e talking about the fate of our economy and the questionable resiliency of our Nation__ critical infrastructure. Why are experts so polite, patient, and forgiving when talking about cybersecurity and National Security? The drama of each script kiddie botnet attack and Nation State pilfering of our IP has been turned into a soap opera through press releases, sound bites and enforced absurdity of mainstream media. It__ time for a cybersecurity zeitgeist in the West where cyber hygiene is a meme that is aggressively distributed by those who have mastered it and encouraged to be imitated by those who have experienced it.

Security-by-design is an indispensable prerequisite to the establishment of vital critical infrastructure resiliency. Each device vulnerable to adversarial compromise, inflates and bolsters the exploitable cyber-attack surface that can be leveraged against targets, and every enslaved device grants adversaries carte blanche access that can be utilized to parasitically entwine malware into organizational networks and IoT microcosms, and that can be leveraged to amplify the impact and harm inflicted on targeted end-users, organizations, and government entities

Security by design is a mandatory prerequisite to securing the IoT macrocosm, the Dyn attack was just a practice run

Right and wrong isn__ a matter of ethics, rather it__ the geography in which you reside and whose control you__e under. Tallinn Manual 2.0 is based largely on western international humanitarian law.

Between the black box proprietary code, barebones computers we call voting machines and a mass of completely unqualified election officials, our election system is up for grabs to anybody with even a modest interest and some script kiddie capability. The cyber-kinetic attack surface here is wide open.

The collaboration between secretaries of state, election officials and the voting system manufacturers on the matter of enforcing this black box proprietary code secrecy with election systems, is nothing less than the commoditization and monetization of American Democracy

You think an Air Gap is a defense? Sofacy, Stuxnet, Uroburos, AirHopper, BitWhisperer and ProjectSauron_enough said!

Hackers find more success with organizations where employees are under appreciated, over worked and under paid. Why would anyone in an organization like that care enough to think twice before clicking on a phishing email?

Ransomware is unique among cybercrime because in order for the attack to be successful, it requires the victim to become a willing accomplice after the fact

There__ no silver bullet solution with cyber security, a layered defense is the only viable defense