Commodification of Cyber Capabilities: A Grand Cyber Arms Bazaar

Speaker(s):
Dana Madsen, Clare Boyle, Aaron Henry, and Munish Walther-Puri
Date of Event:
November 19, 2019

Speakers: Henry, A. (FireEye, Inc.); Hunter, K. (FBI); Madsen, D. (CIA); Walther-Puri, M. (NYC Cyber Command)

Date: 19 November 2019

Speaker Session Preview

SMA hosted a speaker session presented by Mr. Munish Walther-Puri (NYC Cyber Command), Mr. Kyle Hunter (FBI), Mr. Aaron Henry (FireEye, Inc.), and Mr. Dana Madsen (CIA) as a part of its SMA General Speaker Series. To begin, Mr. Henry stated that the proliferation and commodification of cyber offensive capabilities through the emergence of a “grand cyber arms bazaar” is reshaping the cyber balance of power, enabling a wide variety of actors to use cyber tactics for geopolitical impact and/or economic gain. He explained that the purpose of his team’s research was to create a framework that distinguishes actors from one another and explore the current deficiency of cyber deterrence efforts, the lack of clear redlines, and the unintended consequences of cyber engagement. Mr. Henry then presented the team’s findings. They found that foreign actors have had varying levels of success in using cyber means for profit, collection, and attack. They also found that policy challenges related to deterrence, redlines, and escalation have resulted from the lack of cyber norms and challenges faced by the West in imposing consequences for malicious cyber activity and actions that fall under the threshold of war. Mr. Henry also stated that private and public sector executives need to posture their organizations for an increasing risk of surprise in cyberspace. These executives need to account for geopolitical developments in their cyber defenses, find ways to bolster operational and technical resilience, and learn to prioritize threats.

Next, Mr. Hunter provided a detailed description of the framework that his team created. In this framework, actors are labeled as established, emerging, or opportunistic based on the organizational maturity of their cyber programs. The ability of actors to quickly buy, build, or bridge sophisticated cyber capabilities and processes is also factored into the framework. Mr. Hunter explained that these tactics allow an actor to jump from a lower level of capabilities to a higher level very rapidly. Next, Mr. Madsen highlighted some of the implications of an actor’s decision to buy, build, or bridge cyber capabilities. Mr. Walther-Puri then identified areas for further work and outlined several policy challenges involving deterrence, redlines, and escalation. To conclude the session, he stated that none of this research matters unless someone does something with the results, whether it is engaging in a conversation about them or making a decision to reallocate resources.

Speaker Session Audio Recording

To access an audio recording of the session, please email Ms. Nicole Omundson (nomundson@nsiteam.com).


Madsen, Boyle, Henry & Walther-Puri Bios

Dana Madsen has gained a broad understanding of the range of cyber-related geopolitical, economic, defense and technical issues, informed by nearly 20 years of US government and military cyber experience gained in a spectrum of domestic and international contexts.  During the past decade, he has managed national security programs of increasing complexity and currently leads a multidisciplinary cyber threat analysis program.  He holds a doctoral degree in computer engineering from Cornell University.

Clare Boyle is an Economist and Acquisition Specialist at the US Coast Guard.  In her current role, she works with major acquisition programs to implement system security engineering, program protection and cybersecurity measures into their acquisition lifecycle.  Previously, Boyle worked with the US Coast Guard and the Defense Health Agency as a Senior Consultant at Booz Allen Hamilton, where she implemented data science and analysis solutions both internally and for her clients.  As part of her Data Science certification, Boyle completed a capstone project that leveraged machine learning to predict major data breaches.  By creating an algorithm that analyzes live data sources about sources, locations, and targets of data breaches, she was able to make recommendations to organizations and corporations based on their unique data characteristics.  Boyle holds a bachelor's degree in Economics from the University of Mary Washington and a Master's Degree in Commerce from the University of Virginia.

Aaron Henry is a threat analyst at FireEye, Inc. where he works on the International Incident Intelligence (I3) team. He provides analysis on a wide range of issues to enable stakeholders across many industries to efficiently respond to cyber threats. Prior to joining FireEye, Aaron was an intelligence analyst at the National Cyber-Forensics and Training Alliance (NCFTA) in Pittsburgh. At the NCFTA, Aaron worked on the Cyber Financial (CyFin) team collaborating with financial institutions, law enforcement, and other external partners to disrupt and dismantle cyber threats to the financial services industry. In this role, his primary focus was analyzing Russian-speaking threat actors and criminal groups. Aaron holds bachelor’s degrees in Intelligence Studies and Political Science from Mercyhurst University.

Munish Walther-Puri is the Director of Cyber Risk for New York City Cyber Command. Previously, he founded Presearch Strategy, a firm dedicated to applying technology and analytics to geopolitical risk, strategic intelligence, and cybersecurity, and was the chief research officer at a dark web data intelligence startup, leading the strategy and operations of analysis, intelligence, and reporting. He also spent time at Citigroup, working on the intersection of fraud, cyber investigations, and terrorism. Munish is a seasoned analyst, consultant, and trainer, with experience in technology, financial services, risk consulting, and policy. He also actively contributes to the analytical and security communities as a member of the Analyst Roundtable, INSA’s Cyber Council, the International Consortium of Minority Cybersecurity Professionals, and the ODNI-DHS Analyst Exchange Program. Munish advises the Fletcher Political Risk Group and the Do No Digital Harm Initiative, and serves on the Program Committee for Enigma 2020.
