May 9, 2025 Early in 2024 I met Ms. Vergara-Cobos at a conference where we shared some information about our recent respective work activities. She disclosed to me about her work leading a research study at the World Bank that focused on how cybersecurity impacts the growth of developing countries. This struck me as a […]
Research & Standards
ActiveCyber covers the latest research efforts and open standards affecting active cyber defenses. Learn about the latest developments emerging from government and industry labs – from moving target defenses to biologically-inspired immunity defenses. Find out how the leading thinkers are addressing the challenges of securing the Internet of Things. Keep up-to-date on new standards and open source tools for adaptive security and the cloud, security automation, and intelligence-based defenses. This Spotlight will raise your awareness of the emerging trends that can improve your defenses against the dynamic cyber threat.

August 21, 2024 CISA has been working hard over the last 6 years to turn the tide on the never-ending stream of zero days and vulnerable systems that continue to plague our everyday lives. In 2018, it formed the ICT SCRM Task Force—a public-private partnership charged with identifying challenges and developing actionable solutions to enhance […]

Press Release – March 7, 2024 SRI chosen to deliver cyber-psychology-informed network defense technology for IARPA The innovative program will be centered around the psychology of cyber attackers. [March 7, 2024]: Menlo Park, CA – SRI announced today that it has been selected by Intelligence Advanced Research Projects Activity (IARPA) to deliver advanced technology for its recently announced Reimagining […]

April 18, 2024 It is evident over the last few years that central national governments are applying tighter controls on the security of software and hardware products – from labels for IoT devices in the US and abroad, to controls over AI research and bans on high risk AI models, to more timely reporting requirements on vulnerabilities, ransomware, […]

April 18, 2024 This is the second part of a two part series. You can find the first part of this feature at this link. It is evident over the last few years that central national governments are applying tighter controls on the security of software and hardware products – from labels for IoT devices in […]

For several years I have been honored to be a guest at the annual Forum on Financial Information Systems and Cybersecurity: A Public Policy Perspective organized at the University of Maryland by Larry Gordon, EY Alumni Professor of Managerial Accounting and Information Assurance; Martin Loeb, professor of accounting and information assurance and a Deloitte & […]


In my last article on the EO 14028 I mentioned that I thought there were several parallels between what the EO was calling out and some of the concepts and technologies that I discussed in my interviews and articles over the last 6 years. I constructed this crosswalk to reflect these relationships. I also added […]


What Roles Do Provenance and Reputation Play in “Authentic-By-Design” Approaches to Digital Content?
People make decisions every day that involve risk and uncertainty. Generally, we reconcile a variety of decision models using risk criteria often provided by organizational policies and/or guided by a variety of personal belief and trust systems. Many times we are forced to address ambiguous situations in uncertain ways, using uncertain terms and with uncertainty […]

Current Security Trends Reveal Difficulties in Assuring Authenticity Recently I was thinking about some of the major security challenges and problems of 2020 and going forward into 2021 like the ongoing SolarWinds supply chain mitigation issues; election fraud; the problems around disinformation and deepfakes; false flags in cyberattacks and the difficulties in making accurate attribution; […]
