Chinese cyber exploits are back in the news with a bombshell story claiming China planted tiny “spy chips” inside Made in China servers now in major data centers of Amazon, Apple, and others. Amazon and Apple vigorously deny knowing about spy chips on their servers, even though the story quotes unnamed “senior sources” at both companies. Observers point to this confusion as an example of why reporting on the secretive national security world is challenging. Many security lead
Cyber security is played for high stakes in a world of shadowy threats. Although it’s seldom discussed openly, this dark game can take a psychological toll on people who play it. Some IT security professionals come from law enforcement or intelligence backgrounds, so they’ve played dark games before and know the mental traps and pitfalls. But many come from corporate IT backgrounds or straight out of college. No one prepares them for what’s to come. Like our intelligence a
You probably know Cambridge researchers got access to 50 million Facebook user profiles, then gave the data to a private political operation working on behalf of the 2016 Trump presidential campaign. You can learn more from New York Times and Guardian stories. Adding fuel to the fire, Alex Stamos resigned his position as Facebook Chief Security Officer. With this breach, perhaps a thankless and difficult job became impossible. Congress threw more gasoline on the fire, as mem
One outrageous thing we learned about the Equifax breach (among many) is that three corporate executives sold company stock after the breach was discovered but not yet disclosed. Equifax stock tumbled 35% when the attack was announced, but by then insiders had already unloaded their shares and earned nearly two million dollars. If those executives knew about the breach, this is troubling. No one should profit from a cyber-attack, especially not officers of the victim company
Net Neutrality's demise may open the door to overdue cybersecurity improvements. Before you send me hate mail, let me reiterate my opposition to FCC’s repeal of Net Neutrality this week. I deplore it. It was bad for consumers, bad for site owners, and bad for the Internet. I submitted comments directly to FCC months ago and signed the EFF letter to FCC. Hopefully a future administration or Congress (or court ruling) will restore Net Neutrality, but for now the damage is done.
Hurricanes get names (Harvey, Irma, Jose, Maria…) assigned alphabetically by the National Oceanic and Atmospheric Service (NOAA). Biologists name new species in peer-reviewed journals. Astronomers suggest names for stars and moons, but the International Astronomical Union (IAU) must approve them. The information security profession is less mature, although vulnerabilities in software and hardware products do get numeric identifiers. For example, a vulnerability announced t
Hackers don’t exploit our computers; they exploit our ignorance. Most of us lack even a basic idea of how our digital gadgets work. They’re magic. And magical thinking makes us vulnerable to threats. Arthur C. Clarke observed, “Any sufficiently advanced technology is indistinguishable from magic.” But this only holds true for those who don’t know how a technology works. Our ignorance makes it appear supernatural. A column in this month’s Scientific American argues that Ap
The information security profession has long mined biology for metaphors to describe cyber threats. For example, we call certain forms of malware “viruses” or “worms”. If the malware successfully installs, we call the event an “infection” and follow up with a “forensic” investigation. If a malware “strain” changes, we call it a “mutation”. Some have attempted to develop these casual metaphors into more rigorous frameworks. Academic papers such as “Biological Approach to S
Last week the White House announced the appointment of Gregory Touhill as the nation’s first Federal Chief Information Security Officer (CISO). Touhill is a retired Air Force general currently serving as acting director of the National Cyber and Communications Integration Center (NCCIC). When I toured the NCCIC operations floor, I wasn’t impressed by the walls of monitors or flashing red lights. What impressed me was the people. They seemed to work as a real team in an int
Conspiracy theories sprout like mushrooms in the fertilized hothouse known as Twitter. Today, in the wake of news reports that Russian hackers stole Trump opposition research from the Democratic National Committee, Twitter is abuzz with speculation that Russia carried out the operation on behalf of Donald Trump. After all, why else would Russia want those files? After all, aren’t Putin and Trump BFFs? By #twitterlogic it must be true. DNC called in CrowdStrike to investig