Risky Bulletin Podcast Summary
Podcast: Risky Bulletin
Episode: Srsly Risky Biz: Google sharpens its cyber knife
Date: September 4, 2025
Host: Amber Lee Jack
Guest: Tom Uren (Policy and Intelligence Editor)
Episode Overview
This episode focuses on recent cybersecurity policy news, diving into Google’s unveiling of its new cyber disruption unit, recent attributions of Chinese threat activity (specifically the "Salt Typhoon" campaign), and updates on Apple’s legal conflict with UK authorities over lawful access demands. Host Amber Lee Jack and expert Tom Uren provide analysis, context, and predictions around these developments, with an eye for what they mean for the cybersecurity landscape.
Key Discussion Points & Insights
1. Google’s New Cyber Disruption Unit
[00:49 – 08:36]
- Google’s Move: Google has announced the formation of a "cyber disruption unit" to proactively seek and disrupt threat actor campaigns. Details remain limited, but expectations are high given Google's scale and capabilities.
- Hacking Back Debate: Tom highlights the long-standing debate over "hacking back"—whether private companies should be allowed to retaliate against attackers. “There’s over the years been this ebb and flow and talk about hacking back… Letting everyone hack anything because they get attacked is just a terrible idea.” (Tom Uren, [01:17])
- Legal Framework & Microsoft’s Precedent: Microsoft pioneered court-authorized disruption operations, leveraging legal mechanisms like trademark law and "abuses of America’s hacking law" to justify taking down threat infrastructure. “They’ve done like maybe close to a dozen disruption operations… Google has done just two. So I feel like at a bare minimum it’s got to be we’re going to try and do these kind of court authorized things.” (Tom Uren, [02:39])
- Conference Context: Google’s Sandra Joyce made the announcement at a keynote in a conference focused on "offensive cyber operations legal strategy," indicating a shift towards more assertive, legally-guided responses.
- Case Study – Sophos: Sophos’ legally-justified, targeted response to attackers experimenting on their firewalls is cited as a modern example of “hacking back,” made possible via their end user license agreements (EULAs): “They were able to come up with a small pool of devices that they knew or were pretty highly confident that the threat actors were using… They actually pushed out an implant onto those devices.” (Tom Uren, [05:41])
- A New Model: Tom argues the best path is to authorize select, capable tech companies to defend their own products aggressively, rather than attempt broad hack-back legislation: “Rather than trying to get the whole private sector involved against potentially any actor, it’s maybe get the most capable American companies to do more…” (Tom Uren, [07:58])
2. Salt Typhoon Attribution and its Limits
[09:53 – 14:59]
- Attribution Announcement: Security firms and governments have publicly attributed the "Salt Typhoon" espionage campaign to three Chinese companies across 13 countries. Amber calls it a significant “name and shame” moment, but Tom is skeptical of real impact.
- Historical Ineffectiveness: Previous public attributions—Cloud Hopper, the Exchange hacks—have shown little effect on state behavior: “Basically the conclusion is that those have achieved kind of nothing.” (Tom Uren, [10:30])
- Operational Insights: Chinese operations differ from Western ones: rather than relying on stealth, they achieve persistence by being deeply entrenched, even at the cost of exposure. “Instead of being stealthy and quiet and not getting detected, they just hack everything, and it’s very difficult to evict them.” (Tom Uren, [11:53])
- Eviction is the Real Failure: Being identified isn’t enough—only actually evicting these actors from compromised networks counts as a win: “If they’re still in the networks, is that a win? I don’t think so.” (Tom Uren, [13:13])
- China’s Likely Response: Tom expects China to treat diplomatic blowback as “just a cost of doing business”: “I think they may feel it’s just a cost of doing business and... the benefits outweigh the risks.” (Tom Uren, [13:38])
- On Eviction: The cost and complexity of eviction is tremendously high: “A senator in the States spoke about the cost of evicting Salt Typhoon from America’s telecommunications network, and he described it as astronomically high.” (Tom Uren, [14:27])
3. Apple vs. UK Government – The Truth About the Technical Capability Notice
[14:59 – 17:06]
- The Story: A Financial Times report reveals the ongoing legal battle over the UK’s Technical Capability Notice, which would require Apple to provide lawful access to iCloud data globally.
- Legal Context: Challenges play out before the UK’s Investigatory Powers Tribunal. There have been reports of carve-outs for US citizens, but the requirement appears to remain in contention for everyone else.
- What’s Next: The matter is still up for court adjudication; Tom expects possible carve-outs but not total withdrawal: “It seems like it’s going to go ahead... the court case is going to go ahead. I expect that there will be some carve out for US citizens... More to come, I guess.” (Tom Uren, [16:28])
Notable Quotes & Memorable Moments
- On Google’s Ambition: “This feels like a very significant moment because Google is one of the larger players and it said, we want to do more disruptive stuff.” (Tom Uren, [01:53])
- On Hack-Back Reality: “Letting everyone hack anything because they get attacked is just a terrible idea. So that’s been the debate for like maybe 10, 15 years.” (Tom Uren, [01:28])
- On Chinese Operations: “Being named, being outed, it doesn’t actually evict them from those networks.” (Tom Uren, [12:35])
- On Apple & UK Law: “It seems like it’s going to go ahead, but... the matter is still up for adjudication. We’ll have to wait and see. More to come, I guess.” (Tom Uren, [16:28])
Key Timestamps
- 00:49 – 08:36: Google’s cyber disruption unit, hack-back debate, legal frameworks
- 09:53 – 14:59: Salt Typhoon attribution, limits of public shaming, eviction challenges
- 14:59 – 17:06: Apple’s legal dispute with UK over access demands
Tone & Language
The episode maintains an analytical and conversational tone, characteristic of the Risky Biz team. Tom speaks candidly about the industry’s legal and strategic challenges, always anchoring technical issues in clear, real-world impacts.
This summary provides a clear, structured breakdown of the podcast’s major topics, allowing readers to quickly grasp the nuances of current cybersecurity policy debates—even if they missed the episode.
