Sabre Rattling in Cyberspace

cyber-thiefChile is a South American success story, emerging from decades of tumult to become a stable, prosperous nation. But roughly a hundred years ago, Chile was torn by conflict between President Arturo Alessandri and the conservatively controlled congress. Congress had refused to pass any measures proposed by Alessandri, but they did find time to vote to increase their salaries, much to the dismay of the nation, and to the military, who had long been hoping to get a salary increase. A small group of young military officers sat in on the session during which the congressional salary increase was to be discussed. Ordered to leave, they began to rattle the sabers they wore within their scabbards, a plain warning to the members of congress. Thus was born the term sabre rattling.

The United States now is engaged in a very public form of sabre rattling. A number of news outlets have reported that the Administration has asked the CIA to provide plans for a cyber attack on Russia, purportedly in retaliation for Russian sponsored efforts to disrupt the U.S. election process. The fact the potential attack is being discussed so publicly is ample evidence that the Administration is intent on sending a clear warning, regardless of whether an actual attack takes place.

One can assume that if the U.S. does attack Russia in some fashion, Russia will respond, and it is clear that Russia has the ability to attack both the government and the private sector. It’s conceivable that Russia could pursue remedies at the U.N. Security Council and/or the International Court of Justice, but if recent history is a fair guide, it is more likely its response would be more direct.

Where all of this will lead is anyone’s guess. Both nations have the ability to significantly disrupt the economies of the other. Neither is likely to want to go that far, for at some point an ill-defined line would be crossed, and escalation beyond purely cyber measures would be on the table.

Legal guidance on how activities in cyberspace are covered by international laws, treaties and norms is provided by the Tallinn Manual, a product of the work of twenty international law scholars and practitioners created on behalf of NATO’s Cooperative Cyber Defence Centre of Excellence. The manual attempts to define some of the basics of cyber warfare. It stipulates that an online attack on a state can, in certain circumstances, be the equivalent of an armed attack. It states that such an attack is against international law, and says a state attacked has the right to retaliate. It also uses terms like maybe and probably as guidance for specific attack/counterattack scenarios, which tells us the rules governing cyber warfare are evolving and not generally agreed upon.

Writing in TechRepublic, Steve Ranger points out “Some countries have a very narrow model of what cyberwarfare should look like – that it should focus on hacking and damaging systems. Others see it as just one part of a much wider information warfare spectrum which stretches from hacking to disinformation and propaganda. Indeed, much of the criticism of the Tallinn Manual has been around how it represents a NATO—and specifically Western—outlook on what cyberwarfare should look like.” Not surprisingly, nations like China and Russia have a different perspective.

If the U.S. goes beyond sabre rattling and actually does execute a cyber attack on Russia, the next version of the Tallinn Manual will have a lot more experience to draw upon in providing legal guidance.

By Tom Davis, SDI Cyber Risk Practice
October 18, 2016

The Copernicus Effect

cyber chalkboardNearly 500 years ago Nicolaus Copernicus published a theory that turned the world on its head.  He proposed that the sun was as the center of the universe, and that the earth was a planet revolving around the sun. His heliocentric theory met with abundant skepticism, for it flew in the face of accepted scientific and religious beliefs. Copernicus was not the first to advance the theory that the sun was at the center of the universe, but his rigorous modeling made refutation more difficult, and ultimately changed the way we view the universe.

Those who cause us to look at the universe differently provide a great service, even if they do not offer the contribution of a Copernicus. In that vein I give you William H. Saito, Special Advisor to the Cabinet Office for the Government of Japan, and Vice Chairman for Palo Alto Networks Japan. Writing in Forbes, Mr. Saito suggests that far too many corporate executives and boards of directors tend to view cybersecurity as costly, complex, inefficient, and a damper on productivity.  Instead, he advocates seeing cybersecurity as a profit center, in which holistic cyber solutions are used to reduce costs and increase efficiencies.

One point Mr. Saito makes is particularly salient. He notes that cybersecurity cannot be viewed simply as an IT issue. “It’s another form of risk that happens to cut across every organization. It’s also a board issue and a critical priority for management as well as shareholders. That’s an important point to make when it’s shareholder meeting season, as it is now here in Japan. Investors should be asking their companies what their cybersecurity policy is in terms of its defensive position, breach response protocols, resilience and governance and business continuity. They should also be asking how their company is using cybersecurity as an opportunity to enhance resilience, increase productivity and efficiency and what related products or services they are rolling out.”

Looking at cybersecurity as a profit center is an interesting concept.  While it may not have the lasting impact of the heliocentric theory, it does offer a useful reminder that examining our beliefs can lead to progress. There is some evidence that a growing number of corporate executives are seeing cybersecurity as a way to gain competitive advantage, a claim that could turn the world of cyber risk management on its head.

By Tom Davis, SDI Cyber Risk Practice

July 5, 2016

What’s CTI Got to Do with the Price of Cheese?

Little Miss MuffetCyber Miss Muffet

Sat on a tuffet,

Eating her curds and whey…

Cheese curds are one of the great delicacies known to humankind. The salty little cheese bits are the quintessential Wisconsin snack. Being from Wisconsin, I have an abiding fondness for cheese curds, an affection I apparently share with Gene Cate, who together with his wife Lori and sons own and operate Cate Welding in Belleville, Wisconsin, a little village nestled just outside the great metropolis of Madison. Another thing I have in common with Mr. Cate is that until recently, neither of us suspected that an old computer server used in Cate’s case to operate the family business, could be infiltrated by Chinese hackers and deployed to attack targets around the world.

Mr. Cate learned from a Silicon Valley-based threat intelligence provider that his server had been weaponized. I learned about it by reading this article in the New York Times: “The Chinese Hackers in the Back Office.” The article reveals how Area 1, a company run by former NSA analysts, came to Belleville to inform the Cates’ that their server had been taken over by a group of Chinese hackers known as the Codoso Group. Area 1 identifies and tracks digital attacks against businesses.

The Cate’s agreed to help Area 1 thwart the Chinese. Area 1 added their server to a network of compromised servers being monitored to gain insights into how Codoso Group operates that could be shared with Area 1’s clients. Over time the Cate’s learned “The Codoso group had used their server to pilfer a law firm’s due diligence on an impending acquisition, a financial services firm’s confidential trading plans, a mobile payment start-up’s proprietary source code, some blueprints and loan applications at a mortgage company.”

What’s interesting about this story is what it tells us about Cyber Threat Intelligence (CTI), an emerging industry in acquiring and selling intelligence about attack groups. Many cyber attacks use similar methods and approaches, with attackers adapting their products in an effort to keep ahead of the antimalware industry and security professionals. It follows that there is an increasing likelihood that some organization or group has encountered the attack before. Cyber Threat Intelligence offers the ability to recognize and act upon known indicators of an attack so that the attacks can be thwarted before they are successful.

Cyber Threat Intelligence is rapidly being adopted in both business and government. Market research company Gartner forecasts the market for threat intelligence will reach $1 billion next year, up from $255 million in 2013. That will buy a lot of cheese curds.


By Tom Davis, SDI Cyber Risk Practice

June 21, 2016

Naked on Top of the World

SMALL cyber tuesday

I stood high upon a mountaintop

Naked to the world

In front of

Every kind of girl


From Spill the Wine

Eric Burdon


My favorite Eric Burdon song is “The House of the Rising Sun,” done when The Animals were a leading part of the British Invasion  headlined by The Beatles, and featuring the Rolling Stones, the Dave Clark Five, the Kinks, and the Who, among other notable British bands.  When The Animals broke up, Burdon joined War, and Spill the Wine was their first big hit. While the song lacks the power and emotion of The House of the Rising Son, the lyrics offer vivid imagery.  Imagine standing high on a mountaintop, naked to the world. Now set your sites a little lower. You might not be on a mountaintop, but you could, increasingly, be naked to the world.

Sean Owen, director of data science at Cloudera, recently contributed a piece to CrunchNetwork that explores just how much we may be inadvertently revealing of ourselves as our personally identifiable information (PII) is accessed and used. Owen poses the question: “What sharing (of PII) is permitted and who decides where to draw the line on our behalf?”  He then points out “There is a new threat to our ability to control the answer to this question, with which data scientists must now also contend. Surprisingly, this emerging villain is also the hero of the big data age: machine learning.”

Machine learning gives computers the ability to learn without being specifically programmed. It uses algorithms to identify insights in data that is not readily apparent at first blush. It has enormous application to guiding decision-making in an age characterized by an exploding volume of data. However, every upside has a downside.

As Owen notes, even enterprises that carefully share PII may be sharing more than they realize. He cites, as an example, Netflix sharing its viewing data as part of a contest. Owen writes “The data contained no explicit personal information… However, it was quickly cross-referenced with other public data to reliably discover the identity of many people in the data set. Certainly, more was shared than was obvious to anyone, and, in this case, it resulted in a lawsuit.”

There are abundant examples of how intuitive the data mining process gets. A favorite, the story about how Target managed to break the news to a father that his teenaged daughter was pregnant by looking at her purchases. How does that happen? Writing in the New York Times magazine, Charles Duhigg reveals Target assigns a unique code named a “Guest ID” to customers to track everything they buy.  And then, “Also linked to your Guest ID is demographic information like your age, whether you are married and have kids, which part of town you live in, how long it takes you to drive to the store, your estimated salary, whether you’ve moved recently, what credit cards you carry in your wallet and what Web sites you visit. Target can buy data about your ethnicity, job history, the magazines you read, if you’ve ever declared bankruptcy or got divorced, the year you bought (or lost) your house, where you went to college, what kinds of topics you talk about online, whether you prefer certain brands of coffee, paper towels, cereal or applesauce, your political leanings, reading habits, charitable giving and the number of cars you own.”  Target’s research revealed the buying habits of women in their second trimester, and when the teenaged daughter met the profile Target sent her coupons for baby clothes and cribs. Surprise dad.

At the moment there is relatively little a consumer can do to affect the burgeoning PII exchange. But it is useful to a least be aware that it exists. The knowledge gives us a fig leaf of control.

By Tom Davis, SDI Cyber Risk Practice

May 17, 2016

This Means War! (or does it?)

SMALL cyber tuesday

“About four p.m., the enemy’s artillery in front of us ceased firing all of a sudden, and we saw large masses of cavalry advance: not a man present who survived could have forgotten in after life the awful grandeur of that charge. You discovered at a distance what appeared to be an overwhelming, long moving line, which, ever advancing, glittered like a stormy wave of the sea when it catches the sunlight. On they came until they got near enough, whilst the very earth seemed to vibrate beneath the thundering tramp of the mounted host.”

Captain Rees Howell Gronow, Foot Guards

On June 18, 1815, Napoleon Bonaparte led his French army of some 72,000 troops against a 68,000-man allied army commanded by Arthur Wellesley, Duke of Wellington. Wellesley’s forces included Belgian, Dutch and German troops, soon, decisively, to be joined by 50,000 Prussian troops. The battle took place just south of Brussels, near a little village named Waterloo. When the day came to a close Napoleon had suffered a defeat of staggering dimension.  His army was in tatters, having taken roughly 33,000 casualties.

For all the troops engaged in battle that fateful day the savage exchanges in close quarters were, unmistakably, acts of war. Few things are so obviously an act of war as armed warriors in conflict, and we’ve had countless opportunities to further our understanding of what constitutes an act of war. Thus, it’s interesting that some 200 years after Napoleon met his Waterloo, nations are wrestling with how to define whether and how an attack in cyberspace should be seen as an act of war.

U.S. Senator Mike Rounds just introduced the Cyber Act of War Act of 2016, which would require the administration to develop a policy to determine whether a cyber-attack constitutes an act of war. Senator Rounds argues that defining what sorts of cyber attacks constitute an act of war will both deter attacks and allow the Department of Defense to more effectively respond if a particular act meets agreed upon criteria.

In 2011, the Pentagon announced that computer sabotage coming from another country can constitute an act of war, opening the door for the U.S. to respond using traditional military force. But the precise definition of what sort of “sabotage” would be seen as an act of war was left unaddressed. The Obama administration seemingly favors ambiguity on the issue, having learned that drawing a red line in the sand can have a serious downside. The issue has also come before the North Atlantic Treaty Organization, a military alliance that includes the United States. NATO has tried to define what constitutes an act of cyberwarfare but views remain split. Some members argue a cyber act of war must demonstrate a “use of force.”

It will be interesting to observe the debate if Senator Round’s bill moves ahead. Can a cyber attack be an act of war? I would argue the answer clearly is yes. When is it an act of war? That answer is a little more elusive. But it cannot be ignored. The world is very different from the one that existed when Napoleon rose to prominence. But a Waterloo moment in cyberspace would resonate much the way Napoleon’s defeat did centuries ago.

By Tom Davis, SDI Cyber Risk Practice

May 10, 2016

The Internet, Hostile Territory For Your Brand’s Reputation

Concerned about how your brand might be viewed in the cybersphere? This thoughtful blog post from one of our IPREX partners, Beuerman Miller Fitzgerald, expands upon our #CyberTuesday musings from March.

Image via ModGirl Marketing

Image via ModGirl Marketing

If you’re looking for quality insights from an agency that’s been named one of the “Top 5Public Affairs Agencies” in the U.S. then SusanDavis International’s (SDI) #Cyber Tuesday blog is for you. Trust us when we say that SDI is one of the leading sources for industry experts when it comes to public affairs, especially analysis on global cyber security threats.

The Washington, D.C.-based agency simply knows their stuff. We say that with confidence because we’ve had the pleasure of interacting with SDI over the years via our partnership through IPREX, a global network of 70 plus partner agencies, 1500 staff and over 100 offices worldwide.

Written by Tom Davis, SDI’s recent post addresses a topic of growing importance, CEO Realities: State Sponsored Cyber Crime. You may ask how cybercrime relates to you and your brand. Keep reading and we’ll shed some light into what could be a rude wake-up call for your company.

In Davis’ blog post he explores a recent state sponsored cyber-attack on WellPoint, the second largest health insurer in the U.S. who was the victim of a massive data breach this past January. Admittedly, cyber security was not among one of the newly hired CEO’s chief concerns at the time of the attack, and rightly so. Obvious repercussions ensued and the attack on WellPoint was eventually linked to groups associated with the Chinese government.

Perhaps the most pressing concern to us when reading the blog was this quote taken from PwC’s 2014 U.S. State of Cybercrime survey:

“The cybersecurity programs of U.S. organizations do not rival the persistence, tactical skills, and technological prowess of their potential cyber adversaries.”

This begs the question, is your brand equipped to handle your cyber adversaries?

If your brand has not yet been a victimized by cyber bullying then you are fortunate. We’re not necessarily talking about international cybercriminals and massive data breaches. It could be your competitors trolling the internet to say negative things about your brand or media correctly or incorrectly reporting a story that can greatly impact your company’s reputation.

On one hand, digital technology offers real opportunity on many personal and professional levels. For companies, it means efficiency and accessibility. Mobile, social, big data, the cloud, are all trends that are impacting how businesses engage with their customers, partners, and employees in order to better compete. Those trends are not going away anytime soon and companies will continue to put and store information online.

We must also acknowledge that these opportunities present challenges, and there is no denying that cybercrime is a real and ever-growing threat. The vast nature of the World Wide Web coupled with the push for businesses to go digital creates dangers that are omnipresent.

Alan W. Silberberg recently wrote an article for the Huffington Post on the Triangulation of Cyber Security, Social Media + You. Silberberg has a 20 year background in national politics and technology and uses this graphic to best describe the correlation between cyber security, reputation management and social media.


In his article Silberberg concludes:

“Face it. The Internet is a hostile place for your reputation and your brand; whether that is personal, corporate or government. The control and management of your cyber security, reputation management; and social media appearance start and end with you.”

His quote is not intended to be viewed as a scare tactic to deter you or your brand from taking advantage of the many blessings that come with establishing an online presence. It is, however, increasingly important to be aware of the risks and know how your brand is being perceived in order to appropriately manage your online reputation.

As communications professionals and experts in crisis communications and reputation management, it’s important not to take the dangers of cyber sphere for granted. Being susceptible is one thing but being proactive and prepared for the unexpected is critical. Our recommendation is to identify potential areas of weakness and develop a response plan for you and your company in order to avoid Greg Beuerman’s 4 Phases Of Crisis Anxiety.

Have you done an audit of your online reputation? Complacency can be your own worst enemy.

Who Did You Have in the Preakness?

For us, it was our client Giant Food.

SDI helped to promote the role of the Nation’s Capital Grocer, Giant Food, in the long-standing Preakness tradition of crowning the winning horse with a floral “Black-Eyed Susan” blanket.

If you are familiar with horse racing in Maryland, you probably know that the black and yellow flowers match the state colors and the color theme for the Preakness. Did you know that for the past 18 years, the blankets for the Preakness and the Black-Eyed Susan Stakes were constructed by floral associates at Giant Food in Towson, MD?

It became pretty well known that because Maryland’s state flower, black-eyed Susan, does not bloom until June in Maryland, the blanket was instead made from daisies with centers painted black to recreate the appearance. Here’s an interesting twist – the flower was switched from the daisy to the Viking pom more than 15 years ago. A front-page article in the Baltimore Sun explains, with the help of Giant florists, that the flowers have, in fact, not been painted for over 15 years. Viking poms bear close resemblance to black-eyed Susan and sport a dark center naturally.


Celebrate Military Appreciation Month By Saluting Your Hero

excellence header

For the last 39 years, Susan Davis International has had the opportunity to not only aid the men and women of our Nation’s armed forces, but to identify ourselves as the leader in military communications. Through museums, memorials, and moments of remembrance, SDI has built a rich history of excellence with the military. This month SDI celebrates not only the launch of a new website, but that rich history and the observance of Military Appreciation Month.

What makes SDI truly unique is passion. The team at SDI has a driving passion for their clients, and their missions, that push them to go above and beyond and rise to any occasion. Throughout the month we will be sharing the stories of their military passions.  We hope that their stories will inspire you to share your own.

[Read more…]

Our Top 10 DCoE Blogs of 2013

For the past five years SDI has provided communications support to the Defense Centers of Excellence for Psychological Health and Traumatic Brain Injury (DCoE). SDI’s team at DCoE recently reviewed some of the most useful advice given to our service members and their families during 2013. The team posted the following article to the DCoE Blog.

In managing the effects of posttraumatic stress disorder (PTSD) and traumatic brain injury (TBI) or caring for people in your life who have these concerns, have you learned helpful coping mechanisms? Maybe you discovered hopeful treatments, became more in tuned with your children, found expression in the fine arts, fought the stigma of mental health or embraced ways to improve your mental health. If you haven’t, we can help. The DCoE Blog brought you all of this and more in 2013 and we think it’s worth taking another look at this information. Read on for recaps, and start 2014 knowing there are resources available to help you. [Read more…]


New York, NY and Landover, Md. (February 18, 2014) – It was announced today that BrightFarms, Inc. and Giant Food® are entering a path-breaking partnership to deliver year-round local produce to Giant stores throughout the Washington metropolitan area. Constructed near Giant’s store at 1535 Alabama Avenue in Southeast, Washington, D.C., the 100,000 square foot facility will be the largest urban greenhouse of its kind in the world.

This partnership reflects Giant’s strong commitment to promoting health and wellness in local communities. By growing locally, BrightFarms delivers produce that is thousands of miles fresher, more flavorful, and better for the neighborhood. The farm will grow premium quality produce, year round, for thousands of customers in the D.C. area, while creating up to 20 full-time green-collar jobs, facilitating over 100 construction jobs, and converting underutilized land into a sustainable farm.BrightFarms also plans to offer educational opportunities for local schools to learn about urban agriculture and environmental sustainability.

“Giant is committed to serving our community by delivering the highest quality produce at the best value,” said Gordon Reid, president of Giant Food. “This unique partnership with BrightFarms will benefit the local economy while providing our customers with fresh, locally grown and sustainable produce year round. We’re excited about what this new partnership offers for our region.”

[Read more…]