Gate 15‘s Andy Jabbour joins us on this episode of CyAN’s Secure-in-Mind series, as we discuss a wide variety of topics. We cover information and intelligence sharing, geopolitics, US and European cybersecurity capabilities, information security investment, collective cyberdefence, adversaries, threats, and some nifty travel tips.
Notes and Links:
As always, we haven’t read all of these in their entirety, and the Wikipedia links are provided as-is, and only meant as a starting point for someone interested in more than just casual information.
02:12 Financial Services ISAC – https://fsisac.com
04:01 US Presidential Policy Directive (PPD) 21, “Critical Infrastructure Security and resilience” – https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors
05:14 https://eur-lex.europa.eu/eli/dir/2022/2555/2022-12-27/eng – “sectors of high criticality” are described in Annex I & II
06:09 “All-hazards” is a very broad term with numerous different definitions. Basically, it means “taking all types of risks and threats, and what you need to deal with them, into account”.
07:18 WannaCry – https://en.wikipedia.org/wiki/WannaCry_ransomware_attack
07:32 Health ISAC – https://health-isac.org/
09:49 The EU ISACs website appears to be offline, but ENISA has some information: https://www.enisa.europa.eu/topics/state-of-cybersecurity-in-the-eu/national-cybersecurity-strategies-0/information-sharing-and
14:33 The US does not have any national cybersecurity law per se, but several federal agencies have essentialy mandated that critical sector firms join their respective sector ISAC. By contrast, the EU ISAC ecosystem is less mature, and less well supported and recognized by e.g. ENISA (the European Network and Information Security Agency), with no such mandates. Other countries tend to have information sharing initiatives built around government agencies – for example, the UAE financial sector’s cyber resilience exercises are organized by the central bank.
14:38 NY State Department of Financial Services – https://www.dfs.ny.gov/
17:44 UK NCSC Industry 100 – https://www.ncsc.gov.uk/section/industry-100/about
18:02 UP-KRITIS – https://www.bsi.bund.de/EN/Themen/Regulierte-Wirtschaft/Kritische-Infrastrukturen/UP-KRITIS/up-kritis_node.html
19:23 CISA recently dismantled the Cyber Security Review Board (CSRB) which was looking into the Salt Typhoon and Volt Typhoon groups in January of 2025: https://federalnewsnetwork.com/cybersecurity/2025/03/lawmakers-probe-dhs-cyber-typhoon-response-future-of-csrb/
19:30 E.g. https://www.reuters.com/world/us-suspends-some-efforts-counter-russian-sabotage-trump-moves-closer-putin-2025-03-19/
20:13 https://therecord.media/podcast
20:17 Specific episode on iTunes: https://podcasts.apple.com/us/podcast/is-trump-making-the-us-more-cyber-vulnerable/id1225077306?i=1000699608384
21:18 https://tribalhub.com/
23:23 https://bsky.app/profile/rgblights.bsky.social
23:37 https://breakingdefense.com/2025/03/ex-nsa-cyber-chief-warns-of-devastating-impact-of-potential-doge-inspired-firings/
23:46 https://www.theregister.com/2025/03/18/cisa_rehired_doge/
Obligatory whoopsie-doodle: https://bsky.app/profile/ericjgeller.com/post/3lkldrq7jek2z
24:58 FVEY – https://en.wikipedia.org/wiki/Five_Eyes
25:48 Obligatory plug to donate – https://u24.gov.ua/
26:36 https://www.washingtonpost.com/world/national-security/trump-revealed-highly-classified-information-to-russian-foreign-minister-and-ambassador/2017/05/15/530c172a-3960-11e7-9e48-c4f199710b69_story.html
26:45 For example https://ec.europa.eu/commission/presscorner/detail/en/ip_25_793
27:39 Locked Shields – https://ccdcoe.org/locked-shields/
28:39 Jen Easterly – https://en.wikipedia.org/wiki/Jen_Easterly
29:45 https://www.independent.co.uk/bulletin/news/europe-canada-portugal-f35-fighter-jets-trump-eurofighter-b2718770.html
29:49 Not really, but US control over spare parts, upgrades, and digital mission information is a serious concern
30:01 https://en.wikipedia.org/wiki/Saab_JAS_39_Gripen
30:40 https://www.theguardian.com/us-news/2025/mar/18/musk-starlink-internet-white-house
31:24 For example Eutelsat, part of the consortium deploying Europe’s IRIS² satellite constellation – https://defence-industry-space.ec.europa.eu/eu-space/iris2-secure-connectivity_en
32:51 Just in regards to cooperation with Romania, there are numerous examples, such as https://www.europol.europa.eu/media-press/newsroom/news/arrest-in-romania-of-ransomware-affiliate-scavenging-for-sensitive-data and https://www.fbi.gov/contact-us/field-offices/losangeles/news/romanian-police-serve-dozens-of-warrants-following-parallel-investigation-with-the-fbis-los-angeles-field-office
34:37 Alexander Litvinenko and Maxim Kuzminov for starters, plus the muder attempts on Sergei and Yulia Skripal
34:43 https://www.reuters.com/world/europe/threat-plot-murder-rheinmetall-ceo-was-part-sabotage-campaign-nato-says-2025-01-28/
34:45 https://en.wikipedia.org/wiki/2014_Vrb%C4%9Btice_ammunition_warehouse_explosions and
https://www.wsj.com/world/europe/russian-saboteurs-behind-arson-attackat-german-factory-c13b4ece
34:51 https://www.euronews.com/my-europe/2024/11/28/russian-attacks-on-undersea-cables-most-serious-threat-to-our-infrastructure-nato – see our two-part podcast on this topic, at https://cybersecurityadvisors.network/2024/09/10/subsea-cables-a-crunchy-target/
50:48 Which is still one of the greatest (and seriously, most technologically influential) multiplayer games of all time. It’s also a GPA killer sans pareil – https://en.wikipedia.org/wiki/Netrek
51:07 A classic – https://www.wilyhacker.com/
51:58 21°14’37.7″S 55°42’58.5″E -ish
54:36 That’s the one with the costumes that freak out all the Americans. If you know, you know.
You can find CyAN’s Secure-in-Mind YouTube channel at https://youtube.com/@cybersecadvisors. All of our episodes are also available in audio format on Apple iTunes, Amazon Audible, Podcast Republic, Spotify, and Libsyn – links on our Media page.