Risky Bulletin Srsly Risky Biz: When cyber campaigns cross a line
Dec 4, 2025
Tom Uren, a cyber policy analyst and author of the Seriously Risky Business newsletter, joins to discuss a new framework outlining seven 'red flags' for assessing cyber operations. They explore Iran's use of cyber intelligence for missile strikes and the implications of political interference in elections. The conversation dives into the significance of corporate disclosure amid evolving state cyber activities, and they express skepticism about China's claims of being a responsible cyber actor. This engaging dialogue sheds light on the complexities of modern cyber warfare.
AI Snips
Chapters
Transcript
Episode notes
Framework Clarifies When Cyber Ops Cross Lines
- Defining clear red flags helps victims and policymakers judge cyber operations more consistently.
- The framework aims to reduce ambiguity about when incidents merit robust responses.
Control Loss Is A Red Flag
- Loss of technical or organizational control is a major red flag in cyber operations.
- Examples like NotPetya and WannaCry show why states must ensure control of malware and operators.
NotPetya And Stuxnet Compared
- NotPetya is cited as a clear example of malware getting out of control and causing vast collateral damage.
- Stuxnet is noted as spreading beyond its target but was designed to limit activation outside intended systems.