For countries that wished to move goods and treasure back in the 16th and 17th centuries, wind-powered sailing ships and ocean transit were the only option. And pirates were a major, major problem. Pirate gangs like those headed by Edward Teach (better known as Blackbeard), the Barbarossa brothers and Captain William Kidd plied the Caribbean Sea, the Gulf of Mexico and coast of Central and South America (aka “The Spanish Main), the Mediterranean the Indian Ocean and elsewhere, seizing cargo including gold, jewelry and raw materials that fueled the home economies of colonizing nations like England, Spain and Portugal.

Episode 153: Hacking Anesthesia Machines and Mayors say No to Ransoms

Andy Jaquith
Andy Jaquith is the CSO at QOMPLX.

Modern Problem, Ancient Roots

The groups were a persistent menace, but they weren’t merely crooks. Many operated as “privateers,” helping to further the interests and ambitions of sponsor nations, like England and Spain. Sir Francis Drake is best known for circumnavigating the globe, but he was also a pirate of the first order: raiding Spanish colonial settlements in what is now Mexico and the West Coast of the United States on his way around the world. And he operated with the support of England’s Queen Elizabeth, who was interested in weakening the strength of the Spanish Navy on the high seas.

Episode 169: Ransomware comes to the Enterprise with PureLocker

All that complexity bears a striking resemblance to a modern scourge on commerce: ransomware. Today, ransomware gangs – like pirates of yore – swoop in on businesses, critical infrastructure owners and public sector agencies with no notice, holding them hostage for ransoms and stealing sensitive data. Behind these groups lurk sponsor nations, first and foremost Russia, which give them safe harbor to operate and benefit, indirectly, from the chaos they sow in rival economies.

Joey, Talk to Russia (about Ransomware)

That’s why ransomware was very much on the agenda when Russian Prime minister Vlad Putin and President Joe Biden met in Geneva this week. Among other things, Biden was expected to push Putin on that country’s practice of allowing ransomware gangs operate from within its borders. And, while there were no clear agreements reached about cyber security cooperation at the summit, there is evidence that industrialized nations are waking up to the threat posed by these groups.

Kaspersky Deems Crypto-jacking the New Ransomware as Crypto-miners up Their Game

To discuss what lessons history might hold for them as they confront this 21st century form of pirating, we invited Andy Jaquith back into the SL studios. Andy is the CSO at the firm QOMPLX and an expert on cyber security with a background in political science and economics In this conversation we talk about the deep similarities between the ransomware scourge of the early 21st century and the problems posed by pirates to sea faring nations back in the 16th, 17th and 18th centuries. We also discuss what lessons the rise – and fall – of piracy might have for countries interested in putting a check on ransomware groups.

You can listen to the podcast above, or download the MP3 using the button below!


As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloudStitcherRadio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.

Web sites for customers of agricultural equipment maker John Deere contained vulnerabilities that could have allowed a remote attacker to harvest sensitive information on the company’s customers including their names, physical addresses and information on the Deere equipment they own and operate.

The researcher known as “Sick Codes” (@sickcodes) published two advisories on Thursday warning about the flaws in the myjohndeere.com web site and the John Deere Operations Center web site and mobile applications. In a conversation with Security Ledger, the researcher said that a he was able to use VINs (vehicle identification numbers) taken from a farm equipment auction site to identify the name and physical address of the owner. Furthermore, a flaw in the myjohndeere.com website could allow an unauthenticated user to carry out automated attacks against the site, possibly revealing all the user accounts for that site.

Sick Codes disclosed both flaws to John Deere and also to the U.S. Government’s Cybersecurity and Infrastructure Security Agency (CISA), which monitors food and agriculture as a critical infrastructure sector. As of publication, the flaws discovered in the Operations Center have been addressed while the status of the myjohndeere.com flaws is not known.

Contacted by The Security Ledger, John Deere did not offer comment regarding the bulletins prior to publication.

Sick Codes, the researcher, said he created a free developer account with Deere and found the first myjohndeere.com vulnerability before he had even logged into the company’s web site. The two flaws he disclosed represent only an hour or two of probing the company’s website and Operations Center. He feels confident there is more to be found, including vulnerabilities affecting the hardware and software deployed inside the cabs of Deere equipment.

“You can download and upload stuff to tractors in the field from the web. That is a potential attack vector if exploitable.”

Ag Equipment Data: Fodder for Nation States

The information obtained from the John Deere websites, including customer names and addresses, could put the company afoul of data security laws like California’s CCPA or the Personal Information Protection Act in Deere’s home state of Illinois. However, the national security consequences of the company’s leaky website could be far greater. Details on what model combines and other equipment is in use on what farm could be of very high value to an attacker, including nation-states interested in disrupting U.S. agricultural production at key junctures, such as during planting or harvest time.

The consolidated nature of U.S. farming means that an attacker with knowledge of specific, Internet connected machinery in use by a small number of large-scale farming operations in the midwestern United States could launch targeted attacks on that equipment that could disrupt the entire U.S. food supply chain.

Despite creating millions of lines of software to run its sophisticated agricultural machinery, Deere has not registered so much as a single vulnerability with the Government’s CVE database, which tracks software flaws.

At Risk: Devastating Attacks on Food Chain

Agriculture is uniquely susceptible to such disruptions, says Molly Jahn, a Program Manager in the Defense Sciences Office at DARPA, the Defense Advanced Research Projects Agency and a researcher at the University of Wisconsin, Madison.

Molly Jahn is Program Manager at DARPA and a researcher at the University of Wisconsin, Madison.

“Unlike many industries, there is extreme seasonality in the way John Deere’s implements are used,” Jahn told Security Ledger. “We can easily imagine timed interference with planting or harvest that could be devastating. And it wouldn’t have to persist for very long at the right time of year or during a natural disaster – a compound event.” An attack aimed at economic sabotage and carried out through combines at harvest time in the midwest it would be “devastating and unrecoverable depending on the details,” said Jahn.

DHS Warns That Drones Made in China Could Steal U.S. Data

However, the Agriculture sector and firms that supply it, like Deere, lag other industries in cyber security preparedness and resilience. A 2019 report released by Department of Homeland Security concluded that the “adoption of advanced precision agriculture technology and farm information management systems in the crop and livestock sectors is introducing new vulnerabilities into an industry which had previously been highly mechanical in nature.”

DHS Report: Threats to Ag Not Taken Seriously

“Most of the information management / cyber threats facing precision agriculture’s embedded and digital tools are consistent with threat vectors in all other connected industries. Malicious actors are also generally the same: data theft, stealing resources, reputation loss, destruction of equipment, or gaining an improper financial advantage over a competitor,” the report read.

The research group that prepared that report visited large farms and precision agriculture technology manufacturers “located throughout the United States.” The report concluded that “potential threats to precision agriculture were often not fully understood or were not being treated seriously enough by the front-line agriculture producers,” the report concluded.

Jahn said the U.S. agriculture sector has emphasized efficiency and cost savings over resilience. The emergence of precision agriculture in the last 15 years has driven huge increases in productivity, but also introduced new risks of disruptions that have not been accounted for.

“We have not thought about protecting the data from unwanted interference of any type,” she said. “That includes industrial espionage, sabotage or a full on attack…I have consistently maintained cyber risk on the short list of existential threats to US food and agriculture system.”

In just the last two weeks, three of the world’s most prominent social networks have been linked to stories about data leaks. Troves of information on both Facebook and LinkedIn users – hundreds of millions of them – turned up for sale in marketplaces in the cyber underground. Then, earlier this week, a hacker forum published a database purporting to be information on users of the new Clubhouse social network. 

Andrew Sellers is the Chief Technology Officer at QOMPLX Inc.

To hear Facebook, LinkedIn and Clubhouse speak, however, nothing is amiss. All took pains to explain that they were not the victims of a hack, just “scraping” of public data on their  users by individuals. Facebook went so far as to insist that it would not notify the 530 million users whose names, phone numbers, birth dates and other information were scraped from its site. .

So which is it? Is scraping the same as hacking or just an example of “zealous” use of a social media platform? And if it isn’t considered hacking…should it be? As more and more online platforms open their doors to API-based access, what restrictions and security should be attached to those APIs to prevent wanton abuse? 

To discuss these issues and more, we invited Andrew Sellers into the Security Ledger studios. Andrew is the Chief Technology Officer at the firm QOMPLX* where he oversees the technology, engineering, data science, and delivery aspects of QOMPLX’s next-generation operational risk management and situational awareness products. He is also an expert in data scraping with specific expertise in large-scale heterogeneous network design, deep-web data extraction, and data theory. 

While the recent incidents affecting LinkedIn, Facebook and Clubhouse may not technically qualify as “hacks,” Andrew told me, they do raise troubling questions about the data security and data management practices of large social media networks, and beg the question of whether more needs to be done to regulate the storage and retention of data on these platforms. 


(*) QOMPLX is a sponsor of The Security Ledger.

In this episode of the podcast (#206): with movement towards passage of a federal data privacy law stronger than ever, we invite two experts in to the Security Ledger studio to talk about what that might mean for U.S. residents and businesses.


Data theft and misuse has been an acute problem in the United States for years. And, despite the passage of time, little progress has been made in addressing it. Just this week, for example, SITA, an IT provider for the world’s leading airlines said that a breach had exposed data on potentially millions of travelers – just the latest in a steady drumbeat of breach and hacking revelations affecting nearly every industry. 

In the E.U. the rash of massive data breaches from retail firms, data brokers and more led to the passage of GDPR – the world’s first, comprehensive data privacy regime. In the years since then, other nations have followed suit.

But in the U.S., despite the passage of a hodgepodge of state data privacy laws, no comprehensive federal law exists. That means there is still no clear federal framework covers critical issues such as data ownership, the disclosure of data breaches, private rights of action to sue negligent firms and so on. 

Changes In D.C. Bring Data Privacy Into Focus

But that may be about to change. In a closely divided Washington D.C. data privacy is the rare issue that has bipartisan support. And now, with Democrats in control of Congress and the Whitehouse, the push is on to pass pro-consumer privacy legislation into law. 

Rehal Jalil, the CEO of Securiti.ai into the studio to dig deep on the security vs. privacy question. SECURE – ITI is a firm that sells privacy management and compliance services.  

n this conversation, Rahil and I talk about the evolving thinking on data privacy and security and about the impact on IT  the EU’s GDPR and state laws like CCPA are having on how businesses manage their data. Rehan and I also talk about whether technology might provide a way to bridge the gap between security and privacy: allowing companies to derive the value from data without exposing it to malicious or unscrupulous actors. 


As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloudStitcherRadio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted. 

In this episode of the podcast (#204) we’re joined by Josh Corman of CISA, the Cybersecurity and Infrastructure Security Agency, to talk about how that agency is working to secure the healthcare sector, in particular vaccine supply chains that have come under attack by nations like Russia, China and North Korea.


Incidents like the Solar Winds hack have focused our attention on the threat posed by nation states like Russia and China, as they look to steal sensitive government and private sector secrets. But in the vital healthcare sector, nation state actors are just one among many threats to the safety and security of networks, data, employees and patients.

Joshua Corman is the Chief Strategist for Healthcare and COVID on the CISA COVID Task Force.
Joshua Corman is the Chief Strategist for Healthcare and COVID on the CISA COVID Task Force.

In recent years, China has made a habit of targeting large health insurers and healthcare providers as it seeks to build what some have described as a “data lake” of U.S. residents that it can mine for intelligence. Criminal ransomware groups have released their malicious wares on the networks of hospitals, crippling their ability to deliver vital services to patients and – more recently – nation state actors like North Korea, China and Russia have gone phishing – with a “ph” – for information on cutting edge vaccine research related to COVID 19.

How is the U.S. government responding to this array of threats? In this episode of the podcast, we’re bringing you an exclusive interview with Josh Corman, the Chief Strategist for Healthcare and COVID for the COVID Task Force at CISA, Cybersecurity and Infrastructure Security Agency.

Cryptocurrency Exchanges, Students Targets of North Korea Hackers

In this interview, Josh and I talk about the scramble within CISA to secure a global vaccine supply chain in the midst of a global pandemic. Among other things, Josh talks about the work CISA has done in the last year to identify and shore up the cyber security of vital vaccine supply chain partners – from small biotech firms that produce discrete but vital components needed to produce vaccines to dry ice manufacturers whose product is needed to transport and store vaccines.

Episode 194: What Happened To All The Election Hacks?

To start off I asked Josh to talk about CISA’s unique role in securing vaccines and how the Federal Government’s newest agency works with other stake holders from the FBI to the FDA to address widespread cyber threats.



As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloudStitcherRadio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted. 

In this episode of the Security Ledger Podcast (#202) we do a deep dive on President Biden’s cyber agenda with three experts on federal cyber policy and the challenges facing the new administration.


Well, it almost didn’t happen, but on January 20, Joseph Robinette Biden Jr. was sworn in as the 46th President of the United States. More than any president since Franklin Roosevelt, Biden inherited a country in the throws of a crisis. By the time of his inauguration, the COVID virus had killed upwards of 400,000 U.S. residents and tanked the  national economy. As the incidents of January 6 indicated, right wing militant groups are stirring and threatening to topple democratic institutions.

Enter Solar Storm

And, as if that wasn’t enough, the weeks between the November Election and Biden’s January inauguration brought to light evidence of what is perhaps the biggest cyber intrusion by a foreign adversary into US government networks, the so called Solar Storm hack, which has been widely attributed to the government of Russia. 

Even before Solar Storm, Biden made clear as a candidate that a cyber security reset was needed and that cyber would be a top priority of his administration. The wide ranging hack of the US Treasury, Departments, of State, Justice, Defense and Homeland Security – among others – just added fuel to the roaring dumpster fire of Federal IT security. 

But what will that reset look like? To understand a bit better what might be in store in the months ahead we devoted this episode of the podcast to interviewing three experts on federal IT security and cyber defense. 

Rebuilding Blocks

But first, before you can do a reset you need to understand what went wrong the first time around. In the case of federal cyber security, that’s not a short list.

Spotlight Podcast: Taking a Risk-Based Approach to Election Security

In our fist segment, we’re joined by two experts on cyber policy about the US governments struggles to get cyber security right, culminating with the problems seen during the Trump administration.

Lauren Zabierek is the Executive Director of Cyber Project at Belfer Center For Science and International Affairs at Harvard’s Kennedy School of Government. She’s joined by Paul Kolbe, the Director of the Intelligence Project at Belfer Center. The two joined me in the Security Ledger studios to talk about how the Biden Administration might rebuild the US government’s cyber function and who might populate key positions in the new administration. 

Spotlight Podcast: QOMPLX CISO Andy Jaquith on COVID, Ransomware and Resilience

To start off, I asked them what the biggest challenges are out of the gate for the new administration. 

The Byte Stops Here: What Cyber Leadership Looks Like

As Harry Truman famously said: the “Buck stops” at the President’s desk. That wasn’t a phrase that was heard much during the Trump years. But with a new President sworn in, what does real leadership look like on federal cyber security?

Mark Weatherford is the Chief Strategy Officer at the National Cyber Security Center.

To find out, we invited Mark Weatherford into the studio to talk. Mark is the Chief Strategy Officer at the national cyber security center. a former CISO for the State of California and Deputy Under Secretary for Cyber Security at the DHS. In this conversation, Mark and I talk about the importance of presidential leadership on cyber security and what – if anything – the Trump administration got right on cyber policy in its four years in power. 


As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloudStitcherRadio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted. 

Independent security researchers testing the security of the United Nations were able to compromise public-facing servers and a cloud-based development account for the U.N. and lift data on more than 100,000 staff and employees, according to a report released Monday.

Researchers affiliated with Sakura Samurai, a newly formed collective of independent security experts, exploited an exposed Github repository belonging to the International Labour Organization and the U.N.’s Environment Programme (UNEP) to obtain “multiple sets of database and application credentials” for UNEP applications, according to a blog post by one of the Sakura Samurai researchers, John Jackson, explaining the group’s work.

Specifically, the group was able to obtain access to database backups for private UNEP projects that exposed a wealth of information on staff and operations. That includes a document with more than 1,000 U.N. employee names, emails; more than 100,000 employee travel records including destination, length of stay and employee ID numbers; more than 1,000 U.N. employee records and so on.

The researchers stopped their search once they were able to obtain personally identifying information. However, they speculated that more data was likely accessible.

Looking for Vulnerabilities

The researchers were scanning the U.N.’s network as part of the organization’s Vulnerability Disclosure Program. That program, started in 2016, has resulted in a number of vulnerabilities being reported to the U.N., many of them common cross-site scripting (XSS) and SQL injection flaws in the U.N.’s main website, un.org.

You might also be interested in: Data Breach Exposes Records of 114 Million U.S. Citizens, Companies

For their work, Sakura Samurai took a different approach, according to Jackson, in an interview with The Security Ledger. The group started by enumerating UN subdomains and scanning them for exposed assets and data. One of those, an ILO.org Apache web server, was misconfigured and exposing files linked to a Github account. By downloading that file, the researchers were able to recover the credentials for a UN survey management panel, part of a little used, but public facing survey feature on the UN site. While the survey tool didn’t expose a tremendous amount of data, the researchers continued scanning the site and eventually discovered a subdomain that exposed a file containing the credentials for a UN Github account containing 10 more private GitHub repositories encompassing databases and database credentials, backups and files containing personally identifying information.

Much more to be found

Jackson said that the breach is extensive, but that much more was likely exposed prior to his group’s discovery.

“Honestly, there’s way more to be found. We were looking for big fish to fry.” Among other things, a Sakura Samurai researcher discovered APIs for the Twilio cloud platform exposed – those also could have been abused to extract data and personally identifying information from UN systems, he said.

In an email response to The Security Ledger, Farhan Haq, a Deputy Spokesman for the U.N. Secretary-General said that the U.N.’s “technical staff in Nairobi … acknowledged the threat and … took ‘immediate steps’ to remedy the problem.”

You might also be interested in: Veeam mishandles Own Data, exposes 440M Customer E-mails

“The flaw was remedied in less than a week, but whether or not someone accessed the database remains to be seen,” Haq said in the statement.

A disclosure notice from the U.N. on the matter is “still in the works,” Haq said. According to Jackson, data on EU residents was among the data exposed in the incident. Under the terms of the European Union’s Genderal Data Privacy Rule (GDPR), the U.N. has 72 hours to notify regulators about the incident.

Nation State Exposure?

Unfortunately, Jackson said that there is no way of knowing whether his group was the first to discover the exposed data. It is very possible, he said, that they were not.

“It’s likely that nation state threat actors already have this,” he said, noting that data like travel records could pose physical risks, while U.N. employee email and ID numbers could be useful in tracking and impersonating employees online and offline.

Another danger is that malicious actors with access to the source code of U.N. applications could plant back doors or otherwise manipulate the functioning of those applications to suit their needs. The recent compromise of software updates from the firm Solar Winds has been traced to attacks on hundreds of government agencies and private sector firms. That incident has been tied to hacking groups associated with the government of Russia.

Asked whether the U.N. had conducted an audit of the affected applications, Haq, the spokesperson for the U.N. Secretary General said that the agency was “still looking into the matter.”

A Spotty Record on Cybersecurity

This is not the first cybersecurity lapse at the U.N. In January, 2020 the website the New Humanitarian reported that the U.N. discovered but did not disclose a major hack into its IT systems in Europe in 2019 that involved the compromise of UN domains and the theft of administrator credentials.

The acting head of the U.S. Department of Homeland Security said the agency was assessing the cyber risk of smart TVs sold by the Chinese electronics giant TCL, following reports last month in The Security Ledger and elsewhere that the devices may give the company “back door” access to deployed sets.

Speaking at The Heritage Foundation, a conservative think tank, Acting DHS Secretary Chad Wolf said that DHS is “reviewing entities such as the Chinese manufacturer TCL.”

“This year it was discovered that TCL incorporated backdoors into all of its TV sets exposing users to cyber breaches and data exfiltration. TCL also receives CCP state support to compete in the global electronics market, which has propelled it to the third largest television manufacturer in the world,” Wolf said, according to a version of prepared remarks published by DHS. His talk was entitled “Homeland Security and the China Challenge.”

As reported by The Security Ledger last month, independent researchers John Jackson, (@johnjhacking) -an application security engineer for Shutter Stock – and a researcher using the handle Sick Codes (@sickcodes) identified and described two serious software security holes affecting TCL brand television sets. The first, CVE-2020-27403, would allow an unprivileged remote attacker on the adjacent network to download most system files from the TV set up to and including images, personal data and security tokens for connected applications. The flaw could lead to serious critical information disclosure, the researchers warned.

Episode 197: The Russia Hack Is A 5 Alarm Fire | Also: Shoppers Beware!

The second vulnerability, CVE-2020-28055, would have allowed a local unprivileged attacker to read from- and write to critical vendor resource directories within the TV’s Android file system, including the vendor upgrades folder.

Both flaws affect TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below, according to the official CVE reports. In an interview with The Security Ledger, the researcher Sick Codes said that a TCL TV set he was monitoring was patched for the CVE-2020-27403 vulnerability without any notice from the company and no visible notification on the device itself.

In a statement to The Security Ledger, TCL disputed that account. By TCL’s account, the patched vulnerability was linked to a feature called “Magic Connect” and an Android APK by the name of T-Cast, which allows users to “stream user content from a mobile device.” T-Cast was never installed on televisions distributed in the USA or Canada, TCL said. For TCL smart TV sets outside of North America that did contain T-Cast, the APK was “updated to resolve this issue,” the company said. That application update may explain why the TCL TV set studied by the researchers suddenly stopped exhibiting the vulnerability.

DHS announces New Cybersecurity Strategy

While TCL denied having a back door into its smart TVs, the company did acknowledge the existence of remote “maintenance” features that could give its employees or others control over deployed television sets, including onboard cameras and microphones. Owners must authorize the company to access cameras and microphones, however, according to a company statement.

The company did not address in its public statements the question of whether prior notification of the update was given to TCL owners or whether TV set owners were given the option to approve the update before it was installed.

Sick Codes, in a phone interview with The Security Ledger, said the company’s ability to push and update code to its deployed sets without owner approval amounted to a back door that could give TCL access to audio and video streams from deployed sets, regardless of the wishes of owners.

“They can update the application and make authorization happen through that. They have full control,” he said.

Such concerns obviously raised alarms within the Department of Homeland Security as well, which has taken steps to ban technology from other Chinese firms from use on federal networks.

In his address on Monday, Acting Secretary Wolf said the warning about TCL will be part of a a broader “business advisory” cautioning against using data services and equipment from firms linked to the People’s Republic of China (PRC).

This advisory will highlight “numerous examples of the PRC government leveraging PRC institutions like businesses, organizations, and citizens to covertly access and obtain the sensitive data of businesses to advance its economic and national security goals,” Wolf said.

“DHS flags instances where Chinese companies illicitly collect data on American consumers or steal intellectual property. CCP-aligned firms rake in tremendous profits as a result,” he said.

The statement is part of escalating tensions between Washington and Beijing. On Friday, Commerce Secretary Wilbur Ross announced export controls on 77 Chinese companies including the country’s biggest chipmaker, SMIC, and drone maker DJI that restrict those firms’ access to US technology. The order cites those firms alleged ties to China’s military.

TCL did not respond to an email request for comment prior to publication of this story. We will update this story as more information becomes available.


Editor’s note: this story was updated to add reference to John Jackson, who helped discover the TCL vulnerabilities. – PFR 12/22/2020

In this episode of the podcast (#197), sponsored by LastPass, former U.S. CISO General Greg Touhill joins us to talk about news of a vast hack of U.S. government networks, purportedly by actors affiliated with Russia. In our second segment, with online crime and fraud surging, Katie Petrillo of LastPass joins us to talk about how holiday shoppers can protect themselves – and their data – from cyber criminals.


Every day this week has brought new revelations about the hack of U.S. Government networks by sophisticated cyber adversaries believed to be working for the Government of Russia. And each revelation, it seems, is worse than the one before – about a purported compromise of US government networks by Russian government hackers. As of Thursday, the U.S. Cyber Security and Infrastructure Security Agency CISA was dispensing with niceties, warning that it had determined that the Russian hackers “poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations”

The incident recalls another from the not-distant past: the devastating compromise of the Government’s Office of Personnel Management in 2014- an attack attributed to adversaries from China that exposed the government’s personnel records – some of its most sensitive data – to a foreign power. 

Do Cities deserve Federal Disaster Aid after Cyber Attacks?

Now this attack, which is so big it is hard to know what to call it. Unlike the 2014 incident it isn’t limited to a single federal agency. In fact, it isn’t even limited to the federal government: state, local and tribal governments have likely been affected, in addition to hundreds or thousands of private firms including Microsoft, which acknowledged Thursday that it had found instances of the software compromised by the Russians, the SolarWinds Orion product, in its environment. 

Former Brigadier General Greg Touhill is the President of Federal Group at the firm AppGate.

How did we get it so wrong? According to our guest this week, the failures were everywhere. Calls for change following OPM fell on deaf ears in Congress. But the government also failed to properly assess new risks – such as software supply chain attacks – as it deployed new applications and computing models. 

U.S. sanctions Russian companies, individuals over cyber attacks

Greg Touhill, is the President of the Federal Group of secure infrastructure company AppGate. he currently serves as a faculty member of Carnegie Mellon University’s Heinz College. In a prior life, Greg was a Brigadier General Greg Touhill and  the first Federal Chief Information Security Officer of the United States government. 

U.S. Customs Data Breach Is Latest 3rd-Party Risk, Privacy Disaster

In this conversation, General Touhill and I talk about the hack of the US government that has come to light, which he calls a “five alarm fire.” We also discuss the failures of policy and practice that led up to it and what the government can do to set itself on a new path. The federal government has suffered “paralysis through analysis” as it wrestled with the need to change its approach to security from outdated notions of a “hardened perimeter” and keeping adversaries out. “We’ve got to change our approach,” Touhill said.

The malls may be mostly empty this holiday season, but the Amazon trucks come and go with a shocking regularity. In pandemic plagued America, e-commerce has quickly supplanted brick and mortar stores as the go-to for consumers wary of catching a potentially fatal virus. 

(*) Disclosure: This podcast was sponsored by LastPass, a LogMeIn brand. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.

As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloudStitcherRadio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted. 

The 2020 election in the U.S. is less than a week away and warnings about cyber threats to the vote are coming out with about the regularity as polls of the presidential contest between Joe Biden and Donald Trump. 

Public Sector Mega-Vendor Tyler Technologies Says It Was Hacked

On October 9, for example, the FBI and DHS warned that so called “Advanced Threat” actors were chaining together multiple vulnerabilities in an attempt to compromise federal, state and local government networks and elections organizations.

Rob Bathurst is the Chief Technology Officer at Digitalware.

Also this month, an outbreak of the Dopplepaymer ransomware affected elections infrastructure in Hall County, Georgia, disabling a database used to verify voter signatures in the authentication of absentee ballots. 

Which leads us to ask: despite years of warnings, are state and local governments ready for what Russia, Iran or any number of ransomware gangs have in store for them? 

To help answer that question, we invited Rob Bathurst into the studio. Rob is the Chief Technology Officer at Digitalware, a Denver area company that specializes in risk analysis  and risk management with Federal, state and local government and F500 companies. 

Episode 96: State Elections Officials on Front Line against Russian Hackers

In this conversation, Rob and I talk about what the biggest cyber risks are to state and local governments and how worried we should be about warnings about cyber threats to elections systems are. 

Vulnerabilities are just a reality in government networks, Rob says. The key is to avoid being surprised by attacks and also to ensure that you can keep voting systems and other critical systems available even if they are the target of an attack. 

Episode 175: Campaign Security lags. Also: securing Digital Identities in the age of the DeepFake

In this conversation, Rob  and I talk about the bigger picture of cyber risk for federal state and local governments. We also talk about incidents like the recent hack of government ERP provider Tyler Technologies. 

Rob Bathurst is the Chief Technology Officer at the firm Digitalware. he was here talking to us about cyber risks in local governments and the risk to elections systems.