Once again, 2023 was marked by security professionals reacting to threats, incidents, and vulnerabilities of a constant, unrelenting frequency, volume, and scale. Crypto continued its”desctruction destruction” – while many remain bullish on the potential of the underlying blockchain technology.  And new cybersecurity regulatory frameworks emerged as CISA moved from ‘partner’ to ‘regulatory enforcer’ [with] a complex cyber incident reporting mandate.

As for the The future of Cybersecurity, the questions remain the same going into the 2024:  What role will exponential disruption and emerging technologies play in the transformation of cybersecurity?  What are the novel architectures, design metaphors, and design processes for innovation in cybersecurity moving forward? And  Will security need to go back to the drawing board in a transformative way in the new year?

Following are the cybersecurity insights, innovations, regulations, and major cyber incidents we tracked over the course of 2023: 

December 2023

• Bitcoin Ordinal Inscriptions Added to US National Vulnerability Database
• Cybersecurity Perception is Reality Until Facts Intervene
• Building Trust Into Blockchain
• Maintaining Societal Trust During Technological Disruption
• The Cyber Risks of Emerging Technologies
• Active Defense May Lead to a More Weaponized Cyberspace

November 2023 

• The Future of Privacy Forum Releases a Generative AI Internal Policy Checklist
• Cyberscurity Industry Leaders Voice Their Concerns About Proposed CISA Budget Cuts
• Top 10 Security, Technology, and Business Books of 2023
• Shields Ready: Critical Infrastructure Security and Resilience
• The World’s Largest Crypto Exchange Settles U.S. Criminal Case for $4.3B – “One of the Largest Fines in Corporate History”
• FBI and CISA Release Advisory on Ransomware Gang (Scattered Spider) Behind the Recent MGM Attack
• Spying on Professional Networking Platforms Continue to Proliferate Despite Warnings
• A Model for Cybersecurity Threat Sharing: Embracing the USA PATRIOT Act & FinCEN
• Deciphering the CISO Accountability Landscape: A Comparative Analysis with the AML Officer’s Evolution

October 2023

• Crypto Fraud is Less Than 1% of the Annual $3.2 Trillion in Illegal Activity in the Traditional Fiat Monetary System
• Globalization Transformed and the Global Chip IT Supply Chain Disruption
• The Future of Blockchain Security, National Security, Cybersecurity, and Health Security
• Innovative Blockchain Technology Case Studies (by Industry Sector)
• The Strategic Implications of the Recent Data Scraping of Genetic Testing Market Leader 23andMe
• Global Democracies Need to Reign In Intrusive Surveillance Technologies

September 2023

• Everything You Need to Know about Swatting and Swatting-as-a-Service
• Cyber Defense Insights and Resources for the Corporate Board (Human Risk Management, Social and Human Engineering)
• The Climate Crisis, Texas’ Bitcoin Miners, and European Farmers
• The Nerve and Capillary System of the Global Fiat Currency Standard – SWIFT – Explores Blockchain and Crypto
• The MGM Cyberattack Should be a Wakeup Call for Corporate Boards: Will they hit the snooze alarm again?
• While Texas Declared a Grid Emergency, EU Fossil Generation is at Record Low
• The Open Ordinals Institute
• Explaining The New NIST Cybersecurity Framework to the C-Suite

August 2023 

• The August 2023 OODA Network Member Meeting: Takeaways from the “Most Critical Week in Information Security”
• Will the SEC’s “Private Fund Adviser Rule” Stifle National Security Investment and Innovation?
• The RektTest, “On-Chain” Security Exploits and the Future of Blockchain Development
• Dr. Craig Martell @DEFCON31: “I am here today because I need hackers everywhere to tell us how this stuff breaks”
• At DEFCON31, CISA’s Easterly Once Again Offered a “Stark Warning”
• The Future of Cybersecurity Depends on Public-Private Partnership – Will We Get it Right?
• Researchers Find ‘Backdoor’ in Encrypted Government Radios
• Seeking Input on Strategic Objective 1.1 – “Harmonizing Cybersecurity Regulations” – of the National Cybersecurity Strategy
• Newly Sophisticated DDoS Attacks Surged in Q223
• Ransomware Attacks in U.S. and Cyberattacks in Pacific Islands are Battlefields in Global Cyber War

July 2023

• The SEC Announces Final Cybersecurity Rules: What the C-Suite Needs To Know and Do
• Cyber Attacks by Non-State Actors Continue Astride in Europe
• Organizational, Educational & Cultural Aspects of Digital Risk Governance
• August 1-4, 2023 – USA Hosting the International Cybersecurity Championship & Conference in San Diego, CA
• The GAO on the Future of Blockchain in Finance
• Board of Directors Will Need to Focus on the Human Factor of Cybersecurity
• Ripple Labs Wins A Landmark SEC Ruling and Blackrock is Bullish on Cryptocurrency-based Investment Vehicles
• “Big Game Hunting” and Geopolitics are Drivers in a Record Year of Ransomware Extortions
• The National Cybersecurity Strategy Implementation Plan is Now Available
• The Continued Expansion of Cyber Incidents by Non-State Actors in the War in Europe
•  

June 2023

• AI-generated child sex images spawn new nightmare for the web
• CISO receives Wells Notice From The SEC: What corporate directors should know and do
• It is Time to Declare War on Spoofers
• US State Department Puts $10M Bounty on Clop Ransomware Gang Responsible for the Ongoing MOVEit Zero-day Vulnerability Rampage
• Will the New DoJ National Security Cyber Section Bite or Just Bark?
• Takeaways from the Fifth and Sixth Meeting of the CISA Cybersecurity Advisory Committee Quarterly Meeting (which also meets today, 6/22/23)
• FTC Data Shows Text-based Bank Impersonation is Most-Reported Scam; Agency Head Khan Warns of AI ‘Turbocharging’ Scams
• The YouBase Case Study: Managing Genetic and Health Data on the Blockchain
• Does a Cyber Industrial Complex Exist?
• An Unprecedented Advisory Calls for Replacing – not Patching – Barracuda’s Email Security Gateway (ESG) 900 Hardware
• Every Business Leader Should Know About the Recent Deep Fake Experience of Bill Browder
• OODA Network Member Junaid Islam on Zero Trust Data
• The Challenges of and Defending Against Adversarial Machine Learning
• The City of Dallas, Over a Month After A Ransomware Attack, is Still not at Full Functionality
• The Origin Story of the APT Turla, the Hunt for “The Snake” Malware, and Current Steps for Prevention
• The OODA Network on the Corporate Governance of Cybersecurity
• Microsoft, CISA, NSA, FBI, and the Five Eyes on the PRC’s Advanced Persistent Threat: Volt Typhoon
• Federal Deadlines for Updates to Known Exploited Vulnerabilities and Zero-days Patches

May 2023

• NIST Wants Your Input Now on Two Strategic Challenges: Adversarial Machine Learning and Protecting Controlled Unclassified Information (CUI)
• The May 2023 OODA Network Member Meeting: RSA 2023 Takeaways and Perspectives on Technology-enabled Fraud
• The Canton Network: Institutional Blockchain Interoperability in the Financial Services Sector
• Security, Privacy and Interoperability: Blockchain-based Decentralized Identifiers 1.0
• NIST on Blockchain and Cybersecurity at the Physical Layer (Access Control Systems)
• Tech Support scams are escalating dramatically. What should society do to respond?
• The National Cybersecurity Strategy and the Future of “Coordinated Vulnerability Disclosure Across All Technology Types and Sectors”
• The Stifling of the U.S. Crypto Innovation Ecosystem has Begun – While the EU Takes the Lead Globally
• OpenAI’s Recent Expansion of ChatGPT Capabilities Unfortunately Includes a Cybersecurity Vulnerability “In the Wild”
• Adapting, Building, and Cultivating a Defense-Focused Workforce for the Challenges of 2025 and Beyond
•  

April 2023

• Fidelity National Financial Takes Down Systems Following Cyberattack
• The U.S. Cracked a $3.4 Billion Crypto Heist—And Bitcoin’s Anonymity
• A Complete Guide to The Pegasus Project, the NSO Group, and the Commercial Spyware Marketplace
• CISA Highlights Furthering Public/Private Operational Collaboration on Final Day of RSAC 2023
• The Cybersecurity Implications of ChatGPT and Enabling Secure Enterprise Use of Large Language Models
• In the AI-driven Conflict in Ukraine, is “The Swarm” the Systems Design Architecture of the Future?
• Stronger Together – Day One of RSAC 2023: Lessons Learned from Two Years of CISA JCDC Public/Private Collaboration
• New Members of CISA Cybersecurity Advisory Committee Announced
• After Major Data Breach, Italian Data Protection Authority Temporarily Bans ChatGPT
• CISA’s Pilot Ransomware Warning System and Pre-Ransomware Notification Initiative
• Executive Order Bans U.S. Government Use of Commercial Spyware

March 2023

• Tik Tok and the Future of American Data Privacy
• How to Manage Cyber Risk as a Board Director
• The Future of Exponential Growth, Risk, Multi-sided Platforms and Strategic Ecosystems
• What Corporate Directors Need To Know About Coming SEC Cybersecurity Rules
• Every Director of Every Corporate Board Should Read What Larry Fink Writes
• Cybersecurity: Public versus Private Sector
• Are the Governance of Machine Learning and the Future of Space One and the Same?
• Secure Global and Domestic IT Supply Chains and the Future of Emerging Technology Innovation
• The Future of Bitcoin and the Exponential Growth of and Risks Posed by Ordinal Inscriptions
• Offensive Cyber: Moral Hazards and Externalities
• The Missing Piece of the National Cybersecurity Strategy
• The OODA Network on the 2023 National Cybersecurity Strategy
• Will a New Cyber Director Plus a New Cyber Strategy Equal a New Result?
• CISA Releases Red Team Assessment on Critical Infrastructure

February 2023 

• CISA JCDC Sets 2023 Planning Agenda
• Emerging Technologies and Crypto-Assets on the List of SEC’s 2023 Examination Priorities
• USA to Host Global Cybersecurity Competition and Conference (IC3)
• Emerging Tech Talent, Human Targeting, Cyber Workforce Development, STEM Stay Rates and National Security
• A Conversation with OODA Network Expert Kristin Del Rosso on Cybersecurity and National Vulnerability Database Research
• NIST Makes Available the Voluntary Artificial Intelligence Risk Management Framework (AI RMF 1.0) and the AI RMF Playbook

January 2023 

• Crypto Enforcement Actions, the SEC Crypto Assets and Cyber Unit, and National Security Risk
• Sophos’ Kristin Del Rosso on the US National Vulnerability Database (NVD) and the Chinese NVD (CNNVD)
• In the Bitzlato Case, the Crackdown on Crypto Exchanges and Russian Cybercrime Activities are One in the Same
• With Coinbase Investigation and $100M Settlement, New York is the Tip of the Crypto Regulatory Spear
• Space and the Future of National Security and Cybersecurity
• Time to Reconsider How State Actors are Defined in Cyberspace

Additional OODA Loop Resources

Cyber War: Power, Prestige, International Governance, and Strategy in the Age of Global Polycrisis

Competing cyber capabilities (on a spectrum from nation-state to non-state actors alike) and cyber-based conflict will continue to restructructure, reformulate, discombobulate, and transform the very essence of what power, prestige, international governance, and geopolitical strategy are in the 21st century.  Fueled by the Global Polycrisis, Cyberwars will continue to take center stage.  Further jagged transitions, strategies, binaries fractures, major developments, and crucial events in the ongoing cyberwars are compiled here.