Reckless Reporting: Respect Information Handling Guidance

Security professionals and their organizations, journalists, media organizations, and all those who may have access to security-related privileged information, are acting recklessly and irresponsibly when they publicly post that information, contrary to the designated information handling guidance associated with that information.

Continue Reading →

The Gate 15 Interview: Disinformation, Misinformation… Too Much Information!?!

In this episode of The Gate 15 Interview, Andy Jabbour talks with Michael Klein, a K-12 IT Director and a leader for CTI League’s Disinformation Team, and Lee Foster, Senior Manager, Information Operations Analysis, with FireEye Intelligence. The group discusses:
• What we mean by the terms “misinformation” and “disinformation;”
• Information operations with regard to the COVID-19 pandemic;
• Geopolitical and domestic political interests and issue manipulation;
• Election disinformation, past, present and future;
• Ideas on deepfakes and the use of Synthetic Media;
• And Andy manages to work in another musical reference…

Continue Reading →

The Cybersecurity Evangelist, Episode 2; Demystifying Cybersecurity Myths – Part 2

This month we are airing part two of the inaugural episode of The Cybersecurity Evangelist where Travis Farral and I finish demystifying cybersecurity myth #2 and #1. Listen to find out where the term “hacking” came from, and more about different types of “hackers”…including the good ones. Travis and I also give a quick nod to our inner geek. We wrap up the discussion with how we are ALL targets of opportunity, even if we don’t have an online presence. And why it is important to overcome the “it won’t happen to me mindset.” Finally, Travis leaves us with his final thought: spend a few minutes trying to educate yourself on ways you can protect your family.

Continue Reading →

The Risk Roundtable: EP 10 – Geopolitics, Partnerships and Information Sharing

the Gate 15 team discusses geopolitics and the impacts they have on organizations around the world. The team touches on security concerns around current issues including U.S.-China tensions and why TikTok is a topic of discussion and the idea that how nations and leaders see each other – as adversaries or competitors – is also an important consideration. Listen to Dave, Jorhena, Jen, and Andy then speak on the importance of partnerships and the need to build and engage in trusted relationships and information sharing. But they couldn’t completely escape the enduring threats of ransomware and COVID, and they weighed in on the continued impact it is having on sports leagues while hearing Andy’s hope for his favorite football team. Andy also shares his current earworm struggles and gets mocked for his choice of attire…

Continue Reading →

Blended Threats: VPN Bugs Could Cause Physical Impacts with Critical Lifeline Sectors

In a blog post on 28 Jul, security researchers at Claroty shared that they have “discovered remote code execution vulnerabilities affecting virtual private network (VPN) implementations primarily used to provide remote access to operational technology (OT) networks. These dedicated remote access solutions are mainly focused on the industrial control system (ICS) industry… Exploiting these vulnerabilities can give an attacker direct access to the field devices and cause some physical damage.”

At Gate 15, we spend a lot of time discussing Blended Threats. A Blended Threat is a natural, accidental, or purposeful physical or cyber danger that has or indicates the potential to have crossover impacts and harm life, information, operations, the environment, and/or property.

Continue Reading →

Blended Threats: Can IoT devices be abused to overdose dementia sufferers (and kids)?!

In a post on 9 July 2020, the team at Pen Test Partners wrote “Hacking smart devices to convince dementia sufferers to overdose,” stating, that they had recently discovered a flaw “that was a little different: it was aimed at the elderly, particularly those with dementia or other cognitive impairments.”

Continue Reading →

Blended Threats: Protests! Hacking? Death Threats!?!

Illustrating how rapidly and dangerously this can play out in our world today, Sarah Coble reported, that the life of Jessica Hatch, a Houston business owner, was “threatened after cyber-criminals hacked into her company’s social media account and posted racist messages.

Continue Reading →

The Gate 15 Pod, Episode 9: Protests, reopening, hurricane predictions (and we need a name!)

Just as the United States began reopening following COVID-19 restrictions, the death of George Floyd rapidly changed the conversation and protests erupted around the country (and with international solidarity). Join Dave Pounder, Gate 15’s Director for Threat and Risk Analysis, Jennifer Lyn Walker, Director for Cyber Services, Jorhena Thomas, Senior Risk Consultant, and Andy Jabbour, Gate 15’s Managing Director, as they discuss this rapidly changing and dynamic environment.

Continue Reading →

Reopening America: Faith-Based Organizations

On 14 May, Gate 15 presented a webinar on Hostile Event Preparedness for the community of faith via the Faith-Based Information Sharing and Analysis Organization (FB-ISAO). In light of reopening, the Gate 15 analysts’ took the first 15 minutes of the webinar to discuss special security considerations for re-opening facilities.

Continue Reading →

The Gate 15 Pod, Episode 7: We get to discuss things besides coronavirus (kind of…)!

In this episode Andy, Dave and Jen discuss topics including Ramadan and faith-based threats and preparedness, the coronavirus “infodemic,” as well as the impacts of the re-opening / re-entry of businesses across around the world. Then the team wraps things up with some thoughts on hurricanes and National Hurricane Preparedness Week.

Continue Reading →

No Joke: The Gate 15 Pod, Episode 4 is Available Now!

The 4th episode of the Gate 15 Podcast is now available! There is a lot of information “out there” related to the COVID-19 pandemic – some of which is true and useful… Aside from initial reactions, the team looks ahead to what’s next as this pandemic continues and how do we start preparing to handle other incidents – from spring flooding and an upcoming hurricane season to potential hostile events – in a COVID world.

Continue Reading →

Blending Threats into a Complex New Year

As 2019 turns into 2020, technologies and threats that impact daily operations and data security persist in blended and complex ways. The convergence of both physical and cyber domains increase the productivity and value of businesses and critical infrastructure at large, but introduce new and evolving risks that can harm assets and individuals when the line between IT and physical risks are no longer crystal clear.

Continue Reading →