Cristin Flynn Goodwin, attorney and founder of Advancing Cyber and Advanced Cyber Law, describes the U.S. Securities and Exchange Commission’s new cybersecurity rules and their potential impact on CISOs of publicly traded companies. She advises CISOs to become familiar with securities law and understand what constitutes a material incident that must now be disclosed. Cristin Flynn Goodwin on the SEC Cybersecurity Rules | Nexus (nexusconnect.io)
But there is evidence that Pegasus is being used in at least forty-five countries, and it and similar tools have been purchased by law-enforcement agencies in the United States and across Europe. Cristin Flynn Goodwin, a Microsoft executive who has led the company’s efforts to fight spyware, told me, “The big, dirty secret is that governments are buying this stuff—not just authoritarian governments but all types of governments.” How Democracies Spy on Their Citizens | The New Yorker
Cristin Goodwin, general manager of Microsoft’s digital security unit, called the rule “a strong step toward addressing the danger these actors pose, and we encourage other countries to adopt similar policies.” U.S. Blacklists Israeli Firm NSO Group Over Spyware - The New York Times (nytimes.com)
From your Visa card to your Outlook account, and from the gas you pump into your Ford to your Windows operating system, a cyber struggle is taking place all around us. In this episode Andrew spoke to founder of Microsoft’s threat hunting intelligence center John Lambert, which tracks the world’s most dangerous cybercriminals and state-affiliated hackers, and the head of the Digital Security Unit Cristin Goodwin, who helps provide security support to governments and works closely with John’s team. Microsoft has billions of customers, serves millions of businesses, and works with almost every government department: to say it might have something to do with information and intelligence would be like saying perhaps it would have been a good idea to have bought some shares when it first went public in 1986 (June 2021 it was valued at 2 trillion dollars!).
Cristin Flynn Goodwin details Microsoft's first disruption against cyber mercenary actor Candiru, an Israeli-based company targeting politicians and civil society. Fighting cyberweapons built by private businesses - Microsoft On the Issues
March 22, 2022: Nation-state security specialists observed a large uptick in Russian intelligence gathering and research into forensic-security countermeasures during 2021, Cristin Goodwin, assistant general counsel for cybersecurity and digital trust with Microsoft, said before the war in a webinar noting a “real concentrated effort, predominantly from Russia, to pursue interests in the Ukraine…. From a nation-state attack perspective, Russia had a big year.” Zelenskyy deepfake reflects new front in Ukraine conflict | Information Age | ACS
October 7, 2021: Overall, nation-state hacking has about a 10%-20% success rate, said Cristin Goodwin, who heads Microsoft’s Digital Security Unit, which is focused on nation-state actors. Microsoft: Russia behind 58% of detected state-backed hacks | Oxford Mail
November 7, 2022: “Before the invasion of Ukraine, governments thought that data needed to stay inside a country in order to be secure. After the invasion, migrating data to the cloud and moving outside territorial borders is now a part of resiliency planning and good governance,” said Cristin Flynn Goodwin, associate general counsel for customer security & trust at Microsoft. Nation-State Cyber Attacks Against Critical Infrastructure Doubled in the Past 12 Months - Spiceworks
October 27, 2022: General manager and associate general counsel of Microsoft's Digital Security Unit, Cristin Flynn Goodwin talks about two main yet simple approaches that enterprises can use to protect themselves.
“First, talk about security basics, security hygiene, multi-factor authentication, patching, because it matters. It's the low hanging fruit that all cybercriminals and all nation states [actors] are taking advantage of. Why spend money on a big fancy Tom Cruise type Mission Impossible attack when you can just walk in the back door because it's unlocked.” Why we should care about cyberspace | Delano News
October 8, 2021: In an annual threat-review paper released on Thursday, Microsoft said the Russian spies were ultimately looking for government material on sanctions and other Russia-related policies, along with U.S. methods for catching Russian hackers.
Cristin Goodwin, general manager of Microsoft’s Digital Security Unit, said the company drew its conclusions from the types of customers and accounts it saw being targeted. In such cases, she told Reuters, “You can infer the operational aims from that.” Hackers of SolarWinds stole data on U.S. sanctions policy, intelligence probes | Reuters
July 27, 2022: "The NSO Group is the canonical example, but there are other companies included on the US Department of Commerce Entities List and a myriad of others that are selling these services that are not yet included on the List," Microsoft's Cristin Flynn Goodwin said in written testimony to the hearing. Microsoft exposes tactics of European mercenary spyware broker | SC Media (scmagazine.com)
January 12, 2022: “While the tools and techniques may change, the goals of nation-state actors remained constant: collecting as much intelligence as possible from governments, think tanks, NGOs, policy firms, and other relevant entities to benefit the government attackers,” said Cristin Goodwin, Microsoft’s associate general counsel and general manager of the digital security unit. “This is much more traditional nation-state activity because you tend to see nation states targeting where they can gain information. These are intelligence operations.” Nation-state cyberattacks aren’t going away. Here’s how to defend against them | Federal News Network
April 18, 2022: “The big, dirty secret is that governments are buying this stuff — not just authoritarian governments but all types of governments,” Microsoft executive Cristin Flynn Goodwin tells Farrow. Report: NSO Group's spyware is everywhere (axios.com)
July 28, 2022: Now Microsoft itself has confirmed just how seriously this 0Day needs to be taken, with news of how threat actors have been seen exploiting it. "We observed attacks targeting law firms, banks, and strategic consultancies in countries such as Austria, the United Kingdom, and Panama," Cristin Goodwin, the general manager at Microsoft's Digital Security Unit, said. Microsoft Windows Security Warning As Multiple 0Days Used In Attacks On Business Users (forbes.com)
September 20, 2016: Cristin's blog about the impact of intrusion software on cybersecurity in Europe. Pardon the “intrusion”: advancing the dialogue on export controls and “intrusion software” - EU Policy Blog (microsoft.com)
July 24, 2015: CSIS Panel on the Wassenaar Arrangement intrusion software controls on security responders and researchers. Decoding the BIS Proposed Rule for Intrusion Software Platforms | CSIS Events
As threat intelligence matures into a more traditional security discipline and companies seek to better protect customers through threat intel products and services, there are growing pains. Often, those pains come when the freedom of the analyst intersects with the law, corporate promises, or contracts. In this talk, we’ll explore those boundaries, and discuss strategies to help threat intelligence analysts identify and manage legal risks while hunting, investigating, and responding. We'll think about the role of lawyers on your threat intelligence team. We will also consider legal consequences in information sharing, incident response, working with third parties, government engagements, and technology choices.
Stephanie Calabrese, Principal PM Manager, MSRC moderated the Stronger Together: Celebrating the Research Community panel with Microsoft leaders David Westin (VP, Enterprise and OS Security), Dr. Andre Alfred (Partner Director of PM, Azure Security), Cristin Goodwin (Associate General Counsel), and Dr. Abhilasha Bhargav-Spantzel (Partner Security Architect). The panel focused on Microsoft’s partnership with the security research community, along with topics on legal and regulatory oversight in incident response, the role of diversity and inclusion in security, confidential computing, and the importance of disruption and new ways of thinking to build secure systems.
The last 12 months have been marked by historic geopolitical events and challenges that have changed the way organizations approach their daily operations. During this time, nation state actors have created new tactics and techniques to evade detection and increase the scale of their attacks. In this session Cristin Goodwin, Associate General Counsel and head of Microsoft’s Digital Security Unit, explains the nation state threat landscape and provides context for security leaders and practitioners who are looking to better understand the relevancy of these new threats.
Learn what it took to respond to the most advanced nation-state attack in history. Hear directly from the Microsoft defenders who helped customers repel NOBELIUM—and gain actionable insights for your organization’s cybersecurity strategy.
Now that the investigation has concluded, receive a full report on NOBELIUM’s unprecedented attack strategy and novel techniques from the threat experts who were there. Find out how NOBELIUM is part of a trend that’s changing cybersecurity forever and learn how to prepare your organization for the next wave of nation-state attacks.
Join Michael Hull, Cristin Flynn Goodwin and Anastasiya Zhyrmont in conversation with facilitator Richard Gaines for a fireside chat on strengthening private sector partnerships with civil society in response to authoritarian transitions, military takeovers, and political instability. Speakers will discuss the importance of corporate policies that offer transparency into how platforms manage requests from government authorities that lack legitimacy or perpetrate severe human rights abuses, and the need for channels and mechanisms to connect activists with companies during moments of crisis, when crucial decisions around blocking or restricting access to services are being made.
Speakers: Cristin Flynn Goodwin, General Manager, Digital Security Unit, Microsoft; Anastasiya Zhyrmont, Campaigner, Eastern Europe & Central Asia, Access Now; Michael Hull, President, Psiphon
Hosted by: Richard Gaines, Senior Human Rights Advocacy Manager, Wikimedia Foundation
Cristin's closing keynote on nation state threats at the Middle East Institute Cyber Conference.
The first public session of Pacific Forum's United States-Singapore Cyber & Tech Security Virtual Series, held with support from the US Embassy Singapore on November 17, 2020 (USA)/November 18, 2020 (Asia).
Featuring: Benjamin Ang, Senior Fellow, RSIS; Cristin Goodwin, Assistant General Counsel, Microsoft
Moderator: Steve Black, Professor of Law, Texas Tech University School of Law
Panelists: Cristin Goodwin, Assistant General Counsel, Microsoft; Brian Levine, Managing Director, Transactions Cyber Group, Ernst & Young
Fighting nation-states and advanced actors requires a bigger toolbox, with lawyers and tech teams working together. Panelists Cristin Goodwin, Microsoft’s assistant general counsel for cybersecurity, and Brian Levine, DOJ’s former lead cyber-prosecutor, will discuss inside and outside threats, private vs. government action, and how legal teams can enable clients to defend against advanced actors.
Moderator: Ram Shankar Siva Kumar, Data Cowboy, Microsoft/Harvard
Panelists: Nicholas Carlini, Research Scientist, Google Brain; Betsy Cooper, Director, Aspen Tech Policy Hub, Aspen Institute; Cristin Goodwin, Assistant General Counsel, Microsoft
When your machine learning (ML) system is attacked, what legal remedies can you seek? Has your terms of service even been updated to account for such attacks? If you’re an attacker, what risks are you assuming? This panel’s goal will be to convey the definitional challenges that attacks on ML systems pose in cybercrime, copyright and product liability law, and their impact on organizations and society.
Pre-Requisites: The panel is aimed at policy and legal professionals with little to no understanding of Machine learning. All the pre-reqs are self-contained. At the beginning of each section, we go through the attack - and then dissect it.
Advanced Cyber Law
Copyright © 2024 Advanced Cyber Law - All Rights Reserved.