Recent Posts

Broadcasting as a Cyber Threat Vector: Ten Steps Broadcasters Need to Take Now

Cyber threats to financial institutions, electric utilities, broadband providers, government agencies, Hollywood studios and even emerging Web-connected household appliances get a lot of ink. But one major potential threat vector, television and radio broadcasting, doesn't conjure up the kind of concerns that these other avenues of cyber intrusion do.

That's changing, though, in the wake of a major cyber attack that took place last April when French broadcaster TV5Monde was hijacked, with eleven of its channels going dark and its social media outlets commandeered to display pro-ISIS messages. Although a group called the CyberCaliphate claimed credit for the damaging breach, the French government has lately cast some blame on Russian hackers who, the government suggests, was using the CyberCaliphate as a false flag.

Whatever the case may be, the TV5Monde attack was a wake-up call to the broadcasting sector that it too is vulnerable to the kinds of disruptive cyber intrusions and attacks that affect other critical aspects of society. That's why top broadcasting publication TVNewsCheck and I have joined hands to offer the first of its kind webinar, "Cybersecurity for Broadcasters: Ten Steps You Need to Take Right Now," aimed at helping broadcasters come up to speed on how to protect their assets from unwanted and potentially damaging cyber intrusions and how to become more resilient in the face of what will undoubtedly be more future cyber attacks.

Slated for July 22 from 2 pm to 3:30, the webinar features a top line-up of experts (with more to come) including:
  • Rear Admiral (ret) David Simpson, Bureau Chief, FCC Public Safety and Homeland Security
  • Kelly Williams, Engineering & Technology Policy, Senior Director, National Association of Broadcasters
  • Ed Czarnecki, Strategy & Global Government Affairs, Senior Director, Monroe Electronics
For more background on the array of cybersecurity concerns that broadcasters face, check out the piece I wrote for TVNewsCheck that I hope lays it all out fairly well and stayed tuned for more information as we update the speaker line-up. If you have any thoughts or questions, drop me an email. (As a personal aside, it's been nice to bring my two areas of professional experience, communications media and cybersecurity, together in an interesting project, something I hope to continue to explore).

And don't forget to check out, a continuously updated source of cybersecurity intelligence and news aimed at solving the info-overload that increasingly bedevils most infosec professionals.

Top Cybersecurity Writers, By the Numbers

Last week I posted an analysis of how often various publications appeared during the first six weeks or so of active tracking on Metacurity, our new continuously updated resource on cybersecurity news and information. (For more on Metacurity and how we're selecting which articles and blog posts make the cut, see this post).

Now we turn to the actual journalists, bloggers, pundits and others who actually write the posts.  As the table below shows, 128 writers appeared more than once in approximately 1,220 posts from March 29 through mid-day on May 6 (links are to the writers' Twitter profiles, where they could be found).

Topping the list is Darren Pauli from The Register, not a surprise given that The Register also topped our list of publications, focused as it is on the nitty-gritty of IT technology. In fact, the vast majority of writers who top the list below are focused almost exclusively on matters related to information security -- again no surprise.

A word of caution though:  quantity does not necessarily equal quality. Many of the top writers working in the field appear lower down on the list presumably because they are not pressured to fill the hole each day and are given some latitude to spend time on bigger pieces or on related beats, such as privacy and national security.

In addition, some excellent writers are working for publications that put content behind paywalls and are not reflected here (Politico is the exception because some Politico pieces are available without paid subscriptions).

I was surprised at the amount of feedback I received on the first post detailing the publications by the numbers and welcome again feedback on this list.  As Metacurity evolves we will be adding additional publications, bloggers and sources and new features that make the site a more dynamic resource for cybersecurity news and information. Give us your feedback on the sources we rely upon and what additional information we should be incorporating into our system.

Metacurity Posts by Writer, 3/29/2015 to 5/6/2015
Writer# PostsPrimary Publication
Darren Pauli32 The Register
Waqas31 Hack Read
Eduard Kovacs27 Security Week
John Leyden24 The Register
Maria Korolov21 CSO Online
Dan Goodin20 Ars Technica
Michael Mimoso19 Threat Post
AFP17 Security Week
BrianPrince17 Security Week
Mike Lennon16 Security Week
Zack Whittaker16 ZDNet
Lorenzo Franceschi-Bicchierai15 Motherboard
Adam Greenberg15 SC Magazine
Brian Krebs15 Krebs on Security
Ashley Carman12 SC Magazine
Lucian Constantin12 CSO Online
Dennis Fisher12 Threat Post
Aliya Sternstein12 NextGov
Thomas Fox-Brewster11 Forbes
Andy Greenberg11 Wired
Kelly Jackson Higgins11 Dark Reading
Charlie Osborne11 ZDNet
Sara Peters11 Dark Reading
Cory Bennett10 The Hill
Graham Cluley10 Graham Cluley
Richard Chirgwin9 The Register
Jeremy Kirk9 CSO Online
Steven Ragan9 CSO Online
Iain Thomson9 The Register
Danielle Walker9 SC Magazine
Kim Zetter9 Wired
Dustin Volz8 National Journal via Next Gov
Robert Abel7 SC Magazine
Kyle Ellison7 We Live Security
Julian Hattem7 The Hill
Alexander Martin7 The Register
Stewart Baker6 Lawfare
Cyrus Farivar6 Ars Technica
Grant Gross6 Computer World
Shaun Nichols6 The Register
Mohana Ravindranath6 Next Gov
Bruce Schneier6 Lawfare
Sara Sorcher6 Passcode
Leon Spencer6 ZDNet
Taylor Armerding5 CSO Online
Chris Brook5 Threat Post
Joseph Cox5 Motherboard
Brian Donohue5 Threat Post
Sean Gallagher5 Ars Technica
Frank Konkel5 NextGov
Dave Lewis5 Forbes
Mario Trujillo5 The Hill
DAN FROOMKIN4 The Intercept
Hallie Golden4 NextGov
Robert Graham4 Errata Security
Swati Khandelwal4 The Hacker News
Rachel King4 ZDNet
Glyn Moody4 Ars Technica
Jordan Pearson4 Motherboard
Nicole Perlroth4 New York Times
Elise Viebeck4 The Hill
Wang Wei4 Hacker News
Paul Farrell3 The Guardian
Samuel Gibbs3 The Guardian
Roger Grimes3 Info World
Shane Harris3 The Daily Beast
Michael Heller3 TechTarget
Ben Kepes3 Forbes
Jason Koebler3 Motherboard
David Kravets3 Ars Technica
Mohit Kumar3 The Hacker News
Tony Morbin3 SC Magazine
Paolo Passeri3 Hackmageddon
Steve Ranger3 ZDNet
Teri Robinson3 SC Magazine
Jack Schofield3 ZDNet
Evan Selinger3 Passcode
Darlene Storm3 Computer World
Lee Suster3 SC Magazine
Kevin Tofel3 ZDNet
Joe Uchill3 Passcode
David Auerbach2 Slate
Violet Blue2 ZDNet
Tony Bradley2 CSO Online
Steve Cobb2 We Live Security
Kenneth Corbin2 CSO Online
Chris Duckett2 ZDNet
Kristen Eichensehr2 Just Security
Lee Fang2 The Intercept
Kelly Fiveash2 The Register
John Fontana2 ZDNet
Natalie Gagliordi2 ZDNet
Megan Geuss2 Ars Technica
Alexandra Gheorghe2 Hot for Security
Stephen Glasskeys2 Computer World
Jack Goldsmith2 Lawfare
Matthew Goldstein2 New York Times
Tim Greene2 Computer World
Wendy Grossman2 ZDNet
Robert Hackett2 Fortune
Kat Hall2 The Register
David Harley2 WeLiveSecurity
Alex Hern2 The Guardian
Michael Horowitz2 ComputerWorld
Patrick Howell O'Neill2 Daily Dot
Gregg Keizer2 Computer World
Herb Lin2 Lawfare
Rafal Los2 Security Week
Alan Martin2 We Live Security
Tony Martin-Vegue2 CSO Online
Joseph Menn2 Reuters
Jack Moore2 Next Gov
Joe Mullin2 Ars Technica
Ellen Nakashima2 Washington Post
David Perera2 Politico
Jason Polancich2 Security Week
Fahmida Rashid2 Security Week
Paul Roberts2 Passcode
Paul Rosenzweig2 Lawfare
Simon Sharwood2 The Register
Marc Solomon2 Security Week
Patrick Tucker2 Defense One
Camille Tuutti2 NextGov
Bob Violino2 CSO Online
Martyn Williams2 Computer World
Eileen Yu2 ZDNet

Top Cybersecurity News and Information Sources, By The Numbers - UPDATE

(Update:  Astute reader and topic maps (semantic integration) maven Patrick Durusau pointed out to me that I had the New York Times listed twice in an earlier version of this list, once as The New York Times and once as simply New York Times. The new list corrects this glitch.  Not only that but he also pointed out that National Journal and NextGov are different publications, which they indeed are.  But because NextGov publishes so many National Journal pieces, I'm not 100% certain from the data alone which came from which, so I merged the two.  He also kindly went out of his way to put hyperlinks to the relevant publications in my table!)

Starting on March 29, I began to systematically sift through voluminous news articles, blog posts and other sources to pick the most relevant, timely and knowledgeable items on cybersecurity matters to post on (See previous post for an introduction to Metacurity and an explanation of the criteria used for selection.) From that date through mid-day on May 6, Metacurity featured 1,220 posts from across well over 100 different publications, mostly traditional consumer interest and trade publications, as well as specialized blogs.

In an effort to better improve the selection and publication process, we’re currently analyzing the data to develop better filters and formulas.  One slice of interesting information is the frequency with which various publications appear across the still-nascent data set – obviously over time the data will change as the database gets bigger, more sources are added and newsworthy developments shift.

Articles Posted in Metacurity, 3/29/2015 to 5/6/2015
Source# Posts% Total
The Register1008.2%
SC Magazine594.8%
Ars Technica483.9%
NextGov and National Journal413.4%
Hack Read322.6%
The Hill322.6%
The Guardian191.6%
New York Times171.4%
Krebs on Security151.2%
The Hackers News110.9%
Hot for Security100.8%
Lawfare Blog100.8%
The Intercept90.7%
Wall Street Journal90.7%
IT World70.6%
Just Security50.4%
Schneier on Security50.4%
BBC News40.3%
Errata Security40.3%
Network World40.3%
The Daily Beast40.3%
The Diplomat40.3%
Washington Post40.3%
Business Insider30.2%
Google Security**30.2%
International Business Times30.2%
USA Today30.2%
Financial Times20.2%
Freedom to Tinker20.2%
Harvard Business Review20.2%
Info World20.2%
MIT Technology Review20.2%
The Security Ledger20.2%
Associated Press20.2%
*Technically a corporate blog by Kaspersky but features many newsworthy, journalistic-type posts.
**Technically a corporate blog by Google but important because of the nature of the posts.
***Recent resource added.

Of the sources published, 57 or 58 publications (I merged National Journal and NextGov)  received two or more posts, excluding posts from vendor blogs. Of these 57 or 58  sources, The Register grabbed more of the screen time than any other publication, no surprise given its focus on the nitty-gritty reality of IT technology. Likewise, all but one of the other top ten resources have as their main focus information security, IT technology or other specialized subjects where cybersecurity is a main concern.

The appearance of inside-politics publications such as the National Journal (which cross-publishes with NextGov) and The Hill is likewise no surprise given the ascendancy of cybersecurity in Washington and the pendency of cybersecurity legislation. A good deal of excellent coverage of Washington-related cybersecurity matters appears in paid-access-only publications such as Politico, which launched last year its own cybersecurity publication and makes some articles available outside its paywall. Paid-access publications don’t appear on Metacurity because, well, that would be too frustrating for casual visitors.  This may change over time.

For now, this list is interesting but definitely subject to change as time moves on, as more publications beef up their cybersecurity beats and as we refine our methods for pinpointing the best sources and items of information.

Stay tuned and please talk to us. Tell us what resources we're missing that you rely on and what additional types of information you'd like to see in the mix.

Introducing Metacurity – An Answer to Cybersecurity Information Overload

It’s been a long time since I blogged here – about a half a year actually.  In that time I’ve been working on various projects that pushed blogging to the back seat.  One of those projects was to redesign this blog into a more professional look and integrate the blog into a redesigned corporate website, with a common look-and-feel.

Along the way, I decided to incorporate into the new integrated sites a “news feed” that addresses a problem plaguing the digital and network security sector:  information overload. Fairly soon, that redesign project took a back seat to figuring out how to sift through the escalating number of news stories, journal articles and other sources of cybersecurity information and present it in a way that is the most helpful to overworked cybersecurity practitioners and other professionals interested in the subject.

For at least the past five months I’ve increasingly focused on that challenge to the point that it’s almost become a more than full-time job. The result of that work is a stand-alone website, Metacurity. Relying on over fifty (and growing) standard sources of cybersecurity news, plus dozens of other sources, Metacurity is an evolving site that presents sifted, breaking and other news in a clean, easy-to-scan format.
I’ve worked out a system for selecting the most timely, useful and relevant articles, blog posts, and other sources and publishing them in summary form, with links directly back to the sources themselves. Although still wholly subjective and imperfect, I use a rough set of criteria for what gets published. These criteria generally are:
  1. Timeliness: Although articles that break news aren’t necessarily always the most informative or best, being first does matter, if for no other reason than it shapes the conversation.
  2. Level of Skill: Well-written articles and posts that do justice to the subject catch more attention. Articles that are nothing more than a couple of paragraphs, gloss over or fail to point out important distinctions or are extremely late to the game don’t appear that frequently.
  3. Originality: A related criteria is originality. Items that are typically rewrites of press releases or rewrites of major news stories with very little additional reporting or analyses are low on the priority list.
  4. Pure-Play: The topic of cybersecurity overlaps with so many other topics – privacy, cloud computing, national security, criminal justice, diplomacy and other major concerns. It’s difficult to parse out articles, reports, blog posts and studies that are solely focused on how to maintain secure reliable networks. But, those articles that do deal mostly or exclusively with cybersecurity get higher priority.
  5. Impact:  Some “scoops” have major impact on discussions surrounding cybersecurity. Some headline-breaking articles in the cybersecurity arena do not necessarily hold up under further analysis but nonetheless create a stir. Although rare, these kinds of reports are higher on the priority list.
In the middle of the site, or further down the screen on mobile devices, appear blog posts produced by cybersecurity vendors labeled as “Corporate Posts.” These items are useful and often news-making posts produced by the dozens of vendors in the IT and information security arena.  (Although the Corporate Posts are selected based on editorial judgment, we are offering vendors the opportunity to spotlight their posts at the top of this section via sponsorships. We are also offering companies the ability to promote their employment opportunities and conference organizers to promote their events via highlighted entries in our events section.)

Metacurity also features a table that encapsulates cybersecurity events around the globe and a handy box for employers to promote their cybersecurity openings to the tiny available pool of available and qualified cybersecurity professionals.

Ultimately Metacurity will become much more efficient at picking out what’s important based on data analysis.  As Metacurity evolves, we’ll add more and different types of information. I want feedback on how to make the site better and more informative. Please contact us and share your thoughts.  Happy reading!

And yeah…I’m finally getting around to the redesign of this blog.  Stay tuned.

Twitter Delicious Facebook Digg Stumbleupon Favorites More