Artificially Intelligent Unstructured thoughts on cyber security, cyber warfare, information warfare, resilience, and all things risk management.

Framework, strategy and processes

Often I see the terms "framework", "strategy" and "process map" used for a variety of documents that typically aren't neither or are a mix of all three. Here's a quick... »

Sony Pictures and risk management

Sony Pictures information security team, small as it is, is in the crosshairs of all and sundry after the recent breach of significant proportions. As is typical for information security,... »

Dunning-Kruger Effect and I, the impostor

Dunning-Kruger effect is an illusion of competence bias, presenting itself in two ways: one, the severely incompetent do not recognise their own incompetence, nor do they recognise competence in others,... »

Wassenaar Arrangement and dual-use computer code

The Wassenaar Arrangement is frequently mentioned in information security (and vulnerability research in particular) since inclusion of computer code as dual-use good. The Agreement does not clearly specify what is... »

Microsoft, No-IP and lawfare

In the grand gesture of protecting public wellfare Microsoft exposed just how fragile the internet really is when a large organisation decides to use lawfare. All that's needed is a... »

Russia's New Generation Warfare in Ukraine

Recently Edward Lucas tweeted a series on the changes in Russian military doctrine, which signified a change away from physical combat and towards information domination in the form not seen... »

China: c-c-changes

This article on unintended consequences of China's President's Xi Jinping's drive to purge the China's Communist Party of corruption is likely to go unnoticed by most. Which is a shame,... »

Cyber war and Russian view

Keir Giles’ wrote a good paper that you really should read on the Russian view of the information warfare/operations (cyber warfare) legality. This is a fairly neglected aspect of... »

Not everyone is WEIRD

If you are told that you are WEIRD don't take it as an offence. It likely means that you belong to about 12% of the global population that is Western,... »

Cyber and the art of conversation

Spurred by Justine Aitel’s talk at SOURCE Boston where she supposedly (not being there is a bit hard to confirm that) said that IT risk and/or security industry... »

Cyber espionage - the Chinese way

We reviewed the Chinese intelligence community structure, the way they collect data and, as a result of the first two, also tackled the monolith myth of China in order to... »

China: The monolith myth

Diversity that is China China is always seen by the West as a big, monolithic country. That nothing could be further from the truth does not shake that popular wisdom,... »

Urbicide, cybercide and living memory

Is revision of history, so thorough that it is impossible to prove it, possible? The short answer, of course, is yes. In the past such revisions would take generations and... »

The Chinese way of collecting data

Just like the Russian intelligence services make a great deal of using traditional tradecraft and Western agencies prefer clear-cut approach which leaves no doubt in the asset's mind who they... »

Cyber: what does it even mean?

Cyber is hot property nowadays. There’s not a “thought leader”, an organisation, a think tank, an industry body, government body, and the list goes on and on and on.... »