Articles by Robert M.
-
What a Record Setting Investment into the ICS/OT Cybersecurity Market Means to Me
By Robert M. Lee
Activity
-
See Yong Cheow, one of our transitioning veteran Cyber Warriors in the Boots to Cyber (B2C) United States Department of Defense approved #SkillBridge…
Liked by Robert M. Lee
-
It kills me (with pride) that every now and then I have an amazing idea and then find out Mike Assante had it 10 years ago.
Posted by Robert M. Lee
-
Discover how the Dragos Platform can assist your organization in meeting the new NERC CIP-015 requirements for Internal Network Security Monitoring…
Liked by Robert M. Lee
Publications
-
Threat Intelligence and Me
Amazon Createspace
Threat Intelligence is a topic that has captivated the cybersecurity industry. Yet, the topic can be complex and quickly skewed. Author Robert M. Lee and illustrator Jeff Haas created this book to take a lighthearted look at the threat intelligence community and explain the concepts to analysts in a children's book format that is age-appropriate for all. Threat Intelligence and Me is the second work by Robert and Jeff who previously created SCADA and Me: A Book for Children and Management. Their previous work has been read by tens of thousands in the security community and beyond including foreign heads of state. Threat Intelligence and Me promises to reach an even wider audience while remaining easy-to-consume and humorous.
-
Generating Hypotheses for Successful Threat Hunting
SANS Institute
Threat hunting is a proactive and iterative approach to detecting threats. On the Sliding Scale of Cyber Security, hunting falls under the active defense category because it is performed primarily by a human analyst. Although threat hunters should rely heavily on automation and machine assistance, the process itself cannot be fully automated nor can any product perform hunting for an analyst. One of the human’s key contributions to any hunt is the initial conception of what threat the analyst would like to hunt and how he or she might find that type of malicious activity in the environment. We typically refer to this initial conception as the hunt’s hypothesis, but it is really just a statement about the hunter’s testable ideas of what threats might be in the environment and how to go about finding them.
-
The Who, What, Where, When, Why and How of Effective Threat Hunting
SANS Institute
This paper will explain what threat hunting is (and what it is not), why it is needed, when threat hunting is appropriate, where it fits into maturity efforts, how to get started and who should do the hunting.
-
The ICS Cyber Kill Chain
SANS Institute
Cyber attacks on industrial control systems (ICS) differ in impact based on a number of factors, including the adversary’s intent, their sophistication and capabilities, and their familiarization with ICS and automated processes. Cyber attackers target systems not in single incidents and breaches but, instead, through a campaign of efforts that enables access and provides sufficient information to devise an effect. A campaign represents the entirety of the operation against the defender organization and its systems. Understanding where an adversary is in his or her campaign can enable defenders to make better-informed security and risk management decisions. Additionally, this knowledge of the adversary’s operations can help defenders appreciate the attacker’s possible intent, level of sophistication, capabilities and familiarization with the ICS, which together work to unveil the potential impact of the attack on an organization. The authors believe ICS networks are more defensible than enterprise information technology (IT) systems. By understanding the inherent advantages of well-architected ICS networks and by understanding adversary attack campaigns against ICS, security personnel can see how defense is doable. The authors introduce the concept of the ICS Cyber Kill Chain to help defenders understand the adversary’s cyber attack campaign.
-
The Sliding Scale of Cyber Security
SANS Institute
The Sliding Scale of Cyber Security is a model for providing a nuanced discussion to the categories of actions and investments that contribute to cyber security. The five categories in the scale are Architecture, Passive Defense, Active Defense, Intelligence, and Offense. The continuum between the five categories helps visualize that not all actions are static or easily defined. Understanding these interconnected categories that contribute to cyber security helps individuals and organizations better understand the purpose and impacts of their resource investments, establish a maturity model for their security program, and break down cyber attacks to identify root cause analysis in a way that encourages growth by defenders over time. The understanding of each phase helps individuals and organizations understand that categories on the left hand side of the scale build the appropriate foundation that make the other actions of the scale more obtainable, useful, and less resource intensive. The goal should be to invest resources starting on the left hand side of the scale and address those issues to achieve a proper return on investment before allocating significant resources to the other categories. This approach recognizes the increasing cost of success to adversaries facing properly prepared organizations and empowers defenders to engage security in a manner that evolves over time.
-
Why Strong Encryption is Elementary
Christian Science Monitor
The case against encryption ‘back doors’ simplified so even a child can understand it.
-
Security Firm's Iran Report Mostly Hype
Christian Science Monitor's Passcode
A new report from the security firm Norse that claims growing Iranian cyberattacks on critical infrastructure relies on questionable data. It's the latest in a string of cybersecurity vendor reports that grab headlines but erode trust in the industry.
-
Little Bobby
An ongoing web comic based on SCADA and Me. The comic follows Little Bobby in his adventures to learn about technology and security topics such as ICS, SCADA, IoT, Big Data, the Cloud, and other often misrepresented topics.
-
The Feds Got the Sony Hack Right, But the Way They’re Framing It Is Dangerous
Wired
The FBI’s statement that North Korea is responsible for the cyber attack on Sony Pictures Entertainment has been met with various levels of support and criticism, which has polarized the information security community. At its core, the debate comes down to this: Should we trust the government and its evidence or not? But I believe there is another view that has not been widely represented: those who trust the government but disagree with the precedent being set.
-
Snowden's Leaked PowerPoints Provide Flawed View of American Spy Agencies
Christian Science Monitor
Classified PowerPoint slides from the US intelligence community have been spilling across the Web. Some have led to thoughtful debates on privacy. But many offer only a misleading view of real policies, practices, and intentions within the spy agencies.
-
SANS Industrial Control System Defense Use Case Series
SANS
An on-going series of ICS Defense Use Case (DUC) whitepapers covering ICS cyber-incidents that have impacted the physical control systems or the system's process. The series started with the Baku-Tbilisi-Ceyhan (BTC) oil pipeline cyber attack whitepaper and will continue through various ICS case-studies.
#1 - Baku-Tbilisi-Ceyhan (BTC) Oil Pipeline Cyber Attack
#2 - German Steel Mill Cyber Attack
#3 - Analysis of Norse's Claims of Iranian Cyber Attacks
#4 - Analysis of Reporting of Iranian Activity Against U.S. Infrastructure
#5 - Analysis of the Cyber Attack on the Ukrainian Power Grid
-
OMG Cyber!
The RUSI Journal
For many austerity-hit Western countries, the defence budget has been a prime target for significant cuts. Nowhere has this been more apparent than in the United States. Yet one element of the Pentagon's budget continues to grow: cyber. High-profile security breaches at the corporate level and reports of cyber-espionage at the national level seemingly justify the vast sums involved in ensuring cyber-security. However, Robert M Lee and Thomas Rid argue that ‘cyber-angst’ is damaging – and self-serving. In this article, they list thirteen reasons why such cyber-security hype is counterproductive.
-
Making Digital Forensics a Critical Part of Your Cyber Security Defenses
Control Engineering
A Control Engineering cover piece article discussing the importance of digital forensics to cyber security for control systems that provides a step-by-step table to assist industry personnel.
-
The Failing of Air Force Cyber
SIGNAL Magazine
A look at the fundamental reason that Air Force cyber is failing: there is no true Air Force cyber community. An opinion piece written for SIGNAL magazine to examine what must be done to move forward in the cyberspace domain.
-
SCADA and Me
IT-Harvest Press
SCADA and Me is an educational book about a system that impacts our daily lives. This system is called SCADA (Supervisory, Control, and Data Acquisition). SCADA systems are crucial to keeping facilities safely running in areas such as nuclear power, water filtration, electrical power, large scale manufacturing and other areas often identified as critical infrastructure.
This book educates children on an important technological topic that impacts the world around us but also contains satirical and humorous references aimed at educating people in management. Just because a topic is important does not mean it needs to be complex. SCADA and Me is a great book to excite children on the tech topic of SCADA and industrial engineering while helping management grasp the basics of SCADA cybersecurity.
-
The Interim Years of Cyberspace
Air and Space Power Journal
This article examines lessons learned from airpower during the interim years between the two world wars and applies them to the current state of the cyberspace domain. It argues that this domain is currently in an interim period and needs proper vectoring to ensure its security.
This paper was also published in Air and Space Power Journal - Spanish and Chinese editions.
-
The History of Stuxnet: Key Takeaways for Cyber Decision Makers
Cyber Conflict Studies Association
This article takes a detailed look at the history and lessons learned from the Stuxnet cyber weapon.
Patents
-
Community Threat Intelligence and Visibility for Operational Technology Networks
Issued US11677771B2
Techniques are provided for community threat intelligence for operational technology networks. For a plurality of OT networks, at least one monitoring device processes OT network traffic and collects telemetry data, and a telemetry sanitization system applies a sanitization process to the telemetry data to generate sanitized telemetry data that does not include sensitive data. A computer system receives sanitized telemetry data from the telemetry sanitization systems provided for the plurality of OT networks, maintains threat intelligence data generated based on the sanitized telemetry data, and provides access to at least one of the threat intelligence data and the sanitized telemetry data to a plurality of users.
Courses
-
CYBATI Control System Cyber Security
-
Joint Digital Network Intelligence Course
-
SANS FOR 508 - Adv Comp Forensics and Incident Response
-
SANS FOR 572 - Advanced Network Forensics and Analysis
-
SANS ICS 410 - ICS/SCADA Security Essentials
-
SANS SEC 401 - Security Essentials
-
SANS SEC 503 - Intrusion Detection in Depth
-
SANS SEC 504 - Hacker Techniques, Exploits, and Incident Handling
-
Security+
Honors & Awards
-
40 Under 40
Hart Energy
Hart Energy’s 40 Under 40 award recognizes the contributions of people in the oil and gas industry.
-
CyberScoop Industry Leadership Winner
CyberScoop
The CyberScoop 50 are a set of awards for a range of topics voted on by the industry to select winners. The Industry Leadership award was for the most impactful individual in the industry in the past year in their efforts to positively impact and guide the industry and community.
https://www.cyberscoop.com/2022-cyberscoop-50-award-winners/
-
SC Media's Security Executive of the Year
SC Media
SC Media (SC Magazine)'s Security Executive of the Year award.
https://www.scmagazine.com/analysis/emerging-technology/winners-of-the-2022-sc-awards-revealed
-
EY’s Mid Atlantic Entrepreneur of the Year
EY
EY’s Entrepreneur of the Year is one of the preeminent competitive business awards for entrepreneurs and leaders of high-growth companies who think big to succeed. An independent panel of judges selected Lee based on his entrepreneurial spirit, purpose, growth, and impact, among other core contributions and attributes.
-
USAFA Young Alumni Excellence Award
United States Air Force Academy
Recognition of the work done post graduation.
-
Baltimore Business Journal 40 under 40
Baltimore Business Journal
Baltimore Business Journal awarded 40 professionals under 40 in Maryland for their accomplishments.
-
Forbes 30 Under 30
Forbes
Recognized as one of Forbes' 30 under 30 in the area of Enterprise Technology.
-
Energy Sector Cyber Security Professional of the Year
EnergySec
Recognized by EnergySec as the 2015 Energy Sector Cyber Security Professional of the Year for contributions including the SANS ICS515 course, work at Dragos Security, speaking/writing on the issue of cyber security for critical infrastructure, and the Little Bobby comic.
-
Colonel Sparky Baird Award
AFCEA
Awarded AFCEA's Sparky Baird Award for the authoring of the SIGNAL Magazine article "The Failing of Air Force Cyber" which called attention to needed changes to Air Force Officer cyber career paths to achieve mission success.
-
Washington Tech Titan 2018, 2019, 2020, 2021, and 2022
Washingtonian
Identified as one of the top technology leaders in the Washington (DC) area.
https://www.washingtonian.com/2018/09/20/tech-titans-2018-washingtons-top-tech-leaders/
https://www.washingtonian.com/2021/05/03/2021-tech-titans/
Languages
-
English
-
Recommendations received
5 people have recommended Robert M.
More activity by Robert M.
-
Another great position is open for a Senior Detection Engineer on our Protocol Asset Identification team. If you want to use your technical skills to…
Liked by Robert M. Lee
-
DNI posted an outlook on hacktivist groups targeting ICS. While defacements don't equate to the level of severity as process manipulation, it's still…
Liked by Robert M. Lee
-
Be sure to join Dragos OT-CERT Director Dawn Cappelli, CISSP with Manufacturing ISAC in a webinar tomorrow at 2pm ET. They'll cover how to boost the…
Liked by Robert M. Lee