Incident response: a first principle idea.

Show Notes

Rick discusses incident response as a best practice for the network defender community, talks briefly about Zoom and how well their communications plan worked earlier this year when the network defender community called their web conferencing app out on several security issues, and how poorly OPM handled their incident response when the Chinese stole the PII of every person that worked in the U.S. government. Finally, he talks about the birth of incident response and the most influential cybersecurity book ever: “The Cuckoo’s Egg.”

Resources:

“A Tour of the Worm,” by Donn Seeley, Department of Computer Science, University of Utah, February 1989.
"Computer Security Incident Handling Guide: Special Publication 800-61 Revision 2,” by Paul Cichonski, Tom Millar, Tim Grance, and Karen Scarfone, NIST - National Institute of Standards and Technology, U.S. Department of Commerce, August 2012.
“Framework for Improving Critical Infrastructure Cybersecurity,” National Institute of Standards and Technology, Version 1.1, 16 April 2018, Last visited 17 June 2020.
“Robert Tappan Morris – The Morris Worm,”Hackers, Crackers And Thieves: An Index Of Cyber Good Guys, Bad Guys, And Some In-Between.
“STALKING THE WILY HACKER,” by CLIFFORD STOLL, COMMUNICATION OF THE ACM, May 1988 vol. 31. No. 5.
“The Cornell Commission: On Morris and the Worm,” Communications of the ACM, June 1989.
“The Cuckoo's Egg,” Brian Lamb, Book Notes, C-SPAN, 3 December 1989.
“The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage,” by Clifford Stoll, Gallery Books, 1989.
“The Cybersecurity Canon: The Cuckoo’s Egg,” By Rick Howard, Cybersecurity Canon Project, 24 December 2013.
“The KGB, the Computer and Me,” by Robin Bates, WGBH, 3 October 1990.
“The Morris Worm: 30 Years Since First Major Attack on the Internet,” FBI, 2 November 2018.
“The OPM Breach: Timeline of a Hack,” by David Bisson, Tripwire, 29 June 2015.
“The OPM Data Breach: How the Government Jeopardized Our National Security for More than a Generation,” Committee on Oversight and Government Reform U.S. House of Representatives 114th Congress, 7 September 2016.
“USIS contracts for federal background security checks won’t be renewed,” By Christian Davenport, Washington Post, 9 September 2014.
“USIS, security firm that backgrounded Snowden, also checked Navy Yard shooter,” By Michael Isikoff, NBCNews, 19 September 2013.

HOST(S):

Rick Howard is the CSO of N2K and the Chief Analyst, and Senior Fellow at the N2K Cyber, formerly CyberWire. His past lives include CSO at Palo Alto Networks, CISO at TASC, the GM at Verisign/iDefense, the Counterpane SOC Director, and the Commander of the Army's Computer Emergency Response Team (CERT). Rick served 25 years in the Army, taught computer science at West Point, edited two books and just published his own book, "Cybersecurity First Principles: A Reboot of Strategy and Tactics" and he is regularly joined at the N2K Cyber's Hash Table by a collection of industry experts.

Schedule: Mondays (in season)

Credits: Edited by John Petrik and executive produced by Peter Kilpe. Our theme song is by Blue Dot Sessions, remixed by the insanely talented Elliott Peltzman, who also does the show's mixing, sound, and original score

Creator: CyberWire, Inc.