Daniel Moore

Cyber Warfare Researcher

Daniel Moore

Daniel Moore has over fifteen years in the public and private sector working at the intersection of operations, intelligence, and information security. He holds a PhD in cyber-warfare from King's College London where he has previously taught cybersecurity in the War Studies department.

Daniel's private-sector experience includes roles in IBM, Accenture, and most recently Facebook, where he leads a threat intelligence team. Daniel's book, Offensive Cyber Operations, is expected to come out with Hurst in early 2022.

Talk: A Sliver of Light: Perspective Bias in Talking About Cyber Operations

Our visibility into cyber operations is misleading. We see so much – telemetry, infrastructure, malware families, threat actors, campaigns,  and victims. A robust private sector, passionate researchers, and increasing transparency from government agencies all mean that we enjoy an unprecedented collaborative view into adversarial network activities. Yet what we do see colors our judgment on what we do not. We inform threat models and assess complexities based on what is familiar to us, not based on what is necessarily out there. We must acknowledge the gaping chasms in our visibility in order to responsibly deliver on our relationships with those we try to defend. There are countries in which we have little to no visibility. Some industries are opaque about those who target them. Governments only provide visibility on what must be shared for either imminent public need or because the activity is already well known; in other instances it hoards access and knowledge to weaponize it for use. Some adversaries succeed through closed access intrusion vectors that are unlikely to reach our malware repositories. We are sporadically floored by discoveries as they emerge – but do they truly represent what we’re likely to see next? Perhaps the next time an NSA or GCHQ campaign is somehow compromised we would once again find ourselves humbled.  We must take an honest introspective look at our limitations as a result of the intrinsic nature of cyber operations.