Right, some thoughts on the Russia report. You can read it yourself here: https://docs.google.com/a/independent.gov.uk/viewer?a=v&pid=sites&srcid=aW5kZXBlbmRlbnQuZ292LnVrfGlzY3xneDo1Y2RhMGEyN2Y3NjM0OWFl

TL;DR: the post-Cold War hopes for an easy transition to a democratic Russia with good relations with the West were naive and we got caught sleeping.
The ISC are pretty clear on the motivations of RU. Set against this, the behaviours we see make sense.
Unsurprisingly the CT threat post 9/11 and the London bombings consumed most of the resource of the Security Service and intelligence agencies. This was of course necessary but perhaps gave RU (and I'm sure China) a chance to take advantage of our lack of strategic planning.
Curious as to what is hidden here. It's in the context of Russia, so presumably a particular org or theme.
Also wonder which org managed to get their name redacted here:
Of interest because of the timing. We know Russian state backed hackers have been active for longer than this from other reporting, but did 2014 mark a change in behaviours?
'A complex landscape'. Sigh. We really don't help ourselves. (cf this by some bearded guy from sometime ago: https://rusi.org/commentary/uk-cyber-response-getting-it-right-matters)
We've struggled, in my opinion, to decouple the motivations and the means when it comes to cyber. We had a lead for counter intelligence - the Security Service. Just because that threat is now manifest online, rather than just in person, why should the lead change?
But I do appreciate expertise matters. Again, we probably lost opportunity due to the traditional investigative resources being busy with CT, and the expertise to understand technical things perhaps sitting in other places.
I do agree with the points made there about postings - given lots of people I met in gov had been around for decades, I had never worked anywhere where the organisational memory was so short (especially in the more niche areas). I was pleased that the NCSC had (and has) seniors who have been around the cyber arena for most of their careers, and not just some randomly appointed civil servant from the Treasury (not to knock Treasury staff). Anyway, on with the report.
This was interesting. Clearly the ISC doesn't read its own reports. To quote me again from an article I wrote for Janes some time ago:
This seems like broadly good news, and a good advert for traditional voting systems. The 'but' is worrying though:
There has obviously been some reluctance to lead on this, and I can understand why the agencies are careful about getting too involved in what can in effect be legitimate political messaging. However imho, and the ISC appear to agree, the lead should be fairly clear.
It is right there in the legislation:
Again this is a tricky area. I have no smart arse observations really. We as open societies have made it extremely easy to feed in propaganda and disinformation and we all know how social media amplifies this. There are others who are much better placed to comment than I.
Something about a barge pole
I really don't know how much Russian propaganda is done on WhatsApp, but that last redaction is intriguing.
Russia is a hard target, which isn't that surprising. That said, with the exposure of GRU and other staff by orgs like Bellingcat, recruitment opportunities may become easier.
The spy register. It is of course a good idea, as it gives you something to charge people with. It's not currently illegal to be a spy in the UK, which may surprise you.
The Computer Misuse Act is out of date. Not entirely sure how relevant that is here, but it is an accurate observation, especially from the NCA.
Of interest because of that first redaction. Someone is on the ball at least.
Here endeth my thread. There is more in the report - I'd encourage you to read it if you're interested in this kind of thing (or just keen on sustaining democracy in general), but it is out of my area of expertise or experience to comment on with any authority.
It's an interesting read. There aren't easy answers, and even though I agree with the ISC conclusion that the Security Service should be the lead, it's not obvious what that looks like. And of course there is a broader responsibility which falls on all of us.
If we value liberal democracy and the institutions we've built then we need to protect them. Some of that means improving cyber security across all sectors, some of that means civics lessons, some of it means secret squirrel stuff. And more.
You can follow @TheCyberSecExp.