Ravi Nayyar
@ravirockks.bsky.social
Critical Software + CNI Law | PhD Candidate at the University of Sydney | Fellow @ASPI-org.bsky.social | Associate Fellow at the Social Cyber Institute | Blogging @atechnolegalupdate.substack.com | Cricket, #Bloods | #KalikaMataKiJai
Pinned
Ravi Nayyar
@ravirockks.bsky.social
· Jan 6
Tangos in the Tangled Web
Stuff Ravi's written on all things software supply chain x security x law
open.substack.com
G’Day,
Since folks are increasingly talking about software supply chain risks to national security, here's a collection of my work on the subject.
Going back to 2022.
Since folks are increasingly talking about software supply chain risks to national security, here's a collection of my work on the subject.
Going back to 2022.
At last, the Bill’s in Parliament!
bills.parliament.uk/bills/4035
bills.parliament.uk/bills/4035
Cyber Security and Resilience (Network and Information Systems) Bill - Parliamentary Bills - UK Parliament
Current version of Cyber Security and Resilience (Network and Information Systems) Bill with latest news, sponsors, and progress through Houses
bills.parliament.uk
November 13, 2025 at 6:09 AM
At last, the Bill’s in Parliament!
bills.parliament.uk/bills/4035
bills.parliament.uk/bills/4035
Who doesn't love some national security law drama?
My views on the saga of the aborted Chinese espionage trial in the UK.
My views on the saga of the aborted Chinese espionage trial in the UK.
A Few of Us, Allegedly: The Saga of the Aborted Chinese Espionage Trial in the UK
Oh, what a tangled web we weave
open.substack.com
November 13, 2025 at 5:35 AM
Who doesn't love some national security law drama?
My views on the saga of the aborted Chinese espionage trial in the UK.
My views on the saga of the aborted Chinese espionage trial in the UK.
Some jibber-jabber from me on cybery developments that came to my attention in the past month.
Some Cybery Developments
Well, what do we have here?
open.substack.com
November 11, 2025 at 5:07 AM
Some jibber-jabber from me on cybery developments that came to my attention in the past month.
Reposted by Ravi Nayyar
There's now talks of investigations into Chinese-made electric buses in Australia, Denmark, the UK, and the Netherlands.
‘Any smart device imported and used in Australia should "be fully assessed for data collection, storage, and transmission", Dr Desmond said’.
Or just basic product security.
www.abc.net.au/news/2025-11...
Or just basic product security.
www.abc.net.au/news/2025-11...
Chinese buses on Australian roads spark cybersecurity concerns
The same Chinese company that makes electric buses now under review in Denmark and Norway also has electric buses on Australian roads.
www.abc.net.au
November 9, 2025 at 7:31 PM
There's now talks of investigations into Chinese-made electric buses in Australia, Denmark, the UK, and the Netherlands.
Reposted by Ravi Nayyar
ॐ श्रीं ह्रीं सरस्वत्यै नमः।
November 9, 2025 at 1:50 AM
ॐ श्रीं ह्रीं सरस्वत्यै नमः।
It would be nice if the aliens have ADS-B when they come in to say G’Day.
November 8, 2025 at 9:21 PM
It would be nice if the aliens have ADS-B when they come in to say G’Day.
[Puts on lazy NRL stereotypes hat.]
Was Lady Macbeth a Manly Sea Eagles fan?
Was Lady Macbeth a Manly Sea Eagles fan?
November 8, 2025 at 7:39 PM
[Puts on lazy NRL stereotypes hat.]
Was Lady Macbeth a Manly Sea Eagles fan?
Was Lady Macbeth a Manly Sea Eagles fan?
‘Transport operator Ruter said test results published last week showed that bus-maker Yutong Group had access to bus control systems for software updates and diagnostics.
November 8, 2025 at 6:28 AM
‘Transport operator Ruter said test results published last week showed that bus-maker Yutong Group had access to bus control systems for software updates and diagnostics.
‘… said it will have fully recovered from April's cyber hack by March next year …
‘… forced to suspend online clothing orders for seven weeks and click-and-collect services for nearly four.
‘… forced to suspend online clothing orders for seven weeks and click-and-collect services for nearly four.
November 8, 2025 at 6:19 AM
‘… said it will have fully recovered from April's cyber hack by March next year …
‘… forced to suspend online clothing orders for seven weeks and click-and-collect services for nearly four.
‘… forced to suspend online clothing orders for seven weeks and click-and-collect services for nearly four.
‘The market for CTI is also dominated by US companies, including CrowdStrike, IBM, Google (Mandiant), and Recorded Future. Large companies that also offer other cybersecurity products – especially those that collect data on incidents, such as EDR and SIEM – …
November 8, 2025 at 6:15 AM
‘The market for CTI is also dominated by US companies, including CrowdStrike, IBM, Google (Mandiant), and Recorded Future. Large companies that also offer other cybersecurity products – especially those that collect data on incidents, such as EDR and SIEM – …
’The Jobs and Skills Report noted a correlation with weak productivity growth, "indicating that poor skill matching may be compounding economic pressures".
November 8, 2025 at 5:57 AM
’The Jobs and Skills Report noted a correlation with weak productivity growth, "indicating that poor skill matching may be compounding economic pressures".
’[The French Culture Minister] refused the resignation of the museum director and cited four failings: underestimated risk, under-equipped security, ill-suited governance and "obsolete" protocols’.
November 8, 2025 at 5:39 AM
’[The French Culture Minister] refused the resignation of the museum director and cited four failings: underestimated risk, under-equipped security, ill-suited governance and "obsolete" protocols’.
‘The old iteration of the BOM website also provided a daily numerical value [for the Fire Danger Rating], allowing residents and firefighters to know exactly where on the scale the forecast fell.
November 8, 2025 at 5:38 AM
‘The old iteration of the BOM website also provided a daily numerical value [for the Fire Danger Rating], allowing residents and firefighters to know exactly where on the scale the forecast fell.
‘After a long litigation, it remains unclear why Shvidler was sanctioned, while others in similar situations were not. The government admitted that Shvidler was a “secondary” target: his designation aimed to put pressure on a “primary” target, his friend Roman Abramovich.
November 8, 2025 at 5:23 AM
‘After a long litigation, it remains unclear why Shvidler was sanctioned, while others in similar situations were not. The government admitted that Shvidler was a “secondary” target: his designation aimed to put pressure on a “primary” target, his friend Roman Abramovich.
‘Sydney’s new metro station, Gadigal Station, has been named by the Prix Versailles as one of the World’s Most Beautiful Passenger Stations for 2025.
November 8, 2025 at 5:06 AM
‘Sydney’s new metro station, Gadigal Station, has been named by the Prix Versailles as one of the World’s Most Beautiful Passenger Stations for 2025.
‘But just two years since commercial operations began, shareholders are struggling to make a profit and pay back debt.
November 8, 2025 at 5:05 AM
‘But just two years since commercial operations began, shareholders are struggling to make a profit and pay back debt.
‘As a result, the book contributes little of utility to a defensive policy debate. The main drivers of the cyber insecurity are hardly discussed until the Epilogue: The economic misincentives that cause the tech industry to earn hundreds of billions …
November 8, 2025 at 4:59 AM
‘As a result, the book contributes little of utility to a defensive policy debate. The main drivers of the cyber insecurity are hardly discussed until the Epilogue: The economic misincentives that cause the tech industry to earn hundreds of billions …
‘The ABC has spoken with several single mothers from the South Sudanese community in Melton, who are terrified of what is next for their children, and they seem unsure about what their children are entangled in.
November 7, 2025 at 11:04 PM
‘The ABC has spoken with several single mothers from the South Sudanese community in Melton, who are terrified of what is next for their children, and they seem unsure about what their children are entangled in.
'Millar’s observation that more than two-thirds of automobiles sold in Australia were made here and that local oil refineries "meet almost all requirements of refined petroleum products" today appears unrecognisable.
November 6, 2025 at 5:54 AM
'Millar’s observation that more than two-thirds of automobiles sold in Australia were made here and that local oil refineries "meet almost all requirements of refined petroleum products" today appears unrecognisable.
'You carefully read the documentation, which was originally written by a monk in isolation while being slowly crushed to death by a wine barrel, and allow your resources just the permissions they need to talk to one another — which of course doesn't work ...
November 6, 2025 at 5:42 AM
'You carefully read the documentation, which was originally written by a monk in isolation while being slowly crushed to death by a wine barrel, and allow your resources just the permissions they need to talk to one another — which of course doesn't work ...
'Threat actors compromise these companies and use their access to bid on cargo shipments, to then steal and sell them.
November 6, 2025 at 5:27 AM
'Threat actors compromise these companies and use their access to bid on cargo shipments, to then steal and sell them.
More DPRK cyber sanctions.
US: home.treasury.gov/news/press-r...
Oz: www.foreignminister.gov.au/minister/pen...
US: home.treasury.gov/news/press-r...
Oz: www.foreignminister.gov.au/minister/pen...
Treasury Sanctions DPRK Bankers and Institutions Involved in Laundering Cybercrime Proceeds and IT Worker Funds
WASHINGTON — Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned eight individuals and two entities for their role in laundering funds derived from a variety of ...
home.treasury.gov
November 6, 2025 at 5:22 AM
More DPRK cyber sanctions.
US: home.treasury.gov/news/press-r...
Oz: www.foreignminister.gov.au/minister/pen...
US: home.treasury.gov/news/press-r...
Oz: www.foreignminister.gov.au/minister/pen...
'One of the things we look for when it comes to counterintelligence threats, insider threats, is financial hardship ... And I am in a building surrounded by super top-secret operations, and people who are running the f**k out of money.
November 6, 2025 at 5:19 AM
'One of the things we look for when it comes to counterintelligence threats, insider threats, is financial hardship ... And I am in a building surrounded by super top-secret operations, and people who are running the f**k out of money.
'None of the attacks impacted the safe supply of drinking water itself, but instead affected the organizations behind those supplies. The incidents, a record number in any two-year period ...
November 6, 2025 at 5:13 AM
'None of the attacks impacted the safe supply of drinking water itself, but instead affected the organizations behind those supplies. The incidents, a record number in any two-year period ...