White House security strategy and more: first officer's blog - week 41

The White House's national security strategy, a TikTok ban, and more. Read more for the latest stories from the world of cyber risk

Mike Parkin | March 06, 2023

First Officer’s log, Terrestrial date, 20230306. Officer of the Deck reporting.  

After the experience with the consultant, the crew was eager to get back to our usual business of doing the kind of 2nd contact and planetary support missions ships like the [REDACTED] were designed to do and her crew was trained to do. We were good at it, and even though we didn’t collect scores of unit citations like one of the front-line ships, we had gathered some well-earned accolades that the crew was justifiably proud of. 

That level of recognition did, occasionally, lead to our receiving assignments that usually went to a more glamorous class of ship than a Support Cruiser like ours. Starfleet would never let us stand in for one of the Heavy Cruiser classes. We weren’t the USS [REDACTED], whose name had carried on from the pre-Federation warp 5 prototypes, through a series of ships that had already reached an E suffix, and would probably remain an honored name in Starfleet until we ran out of letters. 

Still, we did sometimes get missions for the Diplomatic corps, which was what we had just received. 

A gathering of representatives from a dozen Federation worlds was gathering on [REDACTED], a planet in the [REDACTED] system, about 4 days away at our standard cruising warp speed. We were tasked with bringing the delicate from this world to the conference, along with a group of musicians who would perform at the event. 

Even though some of the crew played musical instruments, we had never had a shipboard band of our own, so this was potentially quite a treat – as the group, known as Distance of Thought*, had offered to play for us in preparation for their performance at the conference. Something of a final practice in front of a live audience before the big event. 

Though, to be fair, even though we were, or perhaps because we were, a multicultural multiethnic crew, very few had any idea what Terran Prog Metal was. 

They would learn. 

*: Nothing redacted here. Our own Tony Taylor is the Bassist for the real Distance of Thought.  

Beaming down from orbit 

What happened 

An apparent malware attack against Dish Network affected multiple internal systems and may have resulted in the theft of some data, though it was as yet unclear whether customers’ personal data had been stolen in the attack. 

Why it matters 

It was unclear from the available information what exactly happened to Dish Network’s internal environment, but what was revealed had the hallmarks of a ransomware attack. They haven’t stated whether customer records were taken, but it would be prudent for their customers to act as if they had and take the usual precautions. 

There is no indication (as of this writing) as to how the attackers managed to access the environment, but the extent of the damage is surprising. Apparently, they gained nearly total control over the Dish Network’s environment which indicates either a very sophisticated attack or very weak defenses. To be honest, neither scenario should make anyone happy. 

What they said 

People were quick to dish out the coverage

Tick Tock, Time’s up. 

What happened 

The White House has set a 30-day deadline for agencies to remove the TikTok application from all Federal Government devices. The mandate to remove the app, suspected of sharing data with the Chinese Government, has been in place for some time but this sets a timetable for its ultimate removal. 

Why it matters 

Whether or not TikTok is really sending aggregate data to the CCP (Chinese Communist Party) is kind of a moot point. The perception is that they are, regardless of what the parent company ByteDance says. “You operate in China, therefor you are bound by Chinese law” is the thought process. Here, perception is everything. Plus, the fact that the CCP is known to collect massive amounts of data makes the suspicions warranted. 

It’s a little surprising that the deadline wasn’t set when the mandate first came down. 

What they said 

While not quite the latest viral dance trend, this story’s been getting plenty of attention.

The White House releases its National Cybersecurity Strategy  

What happened 

On March 2nd, 2023, the Biden Administration released its official National Cybersecurity Strategy document. The 39-page document covers the 5 pillars that form the foundation of the strategy going forward. While some of the features will be relatively easy to implement, others will require political will and diplomacy to realize. 

Why it matters 

This lays a solid foundation for cybersecurity going forward, though some of the components may be challenging to make work. Investment in secure coding and infrastructure improvements should be a piece of cake. At least relatively. But getting international cooperation so law enforcement can move against threat actors who aren’t in the US? Yeah. That could take some work. Especially given the current geopolitical situation and how many threat actors are based in openly hostile countries. 

There is also the possibility for unintended consequences stemming from an effort to shift responsibility for an attack. Yes, developers should be writing code that has security baked in from the start, but there can be so much complexity that it’s probably impossible to write truly bug-free code. And who’s responsible when an organization doesn’t follow the vendor’s recommendations and leaves its admin interface wide open? Who’s on the hook for “Stupid User Tricks” like opening a malicious attachment or falling for a phishing email? 

If implemented right, this will be great. At least if the collective technical, political, diplomatic, and financial pieces all come together. 

What they said 

US security strategy

We actually had a lot to say about this ourselves. Read our take.


Want to get ahead of the stories?




Free for risk owners

Set up in minutes to aggregate and prioritize cyber risk across all your assets and attack vectors.

"Idea for an overwhelmed secops/security team".

Name Namerson
Head of Cyber Security Strategy