Ravi Nayyar
@ravirockks.bsky.social
Critical Software + CNI Law | PhD Candidate at the University of Sydney | Fellow @ASPI-org.bsky.social | Associate Fellow at the Social Cyber Institute | Blogging @atechnolegalupdate.substack.com | Cricket, #Bloods | #KalikaMataKiJai
Pinned
G’Day,

Since folks are increasingly talking about software supply chain risks to national security, here's a collection of my work on the subject.

Going back to 2022.
Tangos in the Tangled Web
Stuff Ravi's written on all things software supply chain x security x law
open.substack.com
'While not the sole driver, Trump-era disruption helped redirect criminal attention into the Pacific, increasing Australia's exposure to transnational drug networks ...

'Mexican cartels were "increasingly targeting illicit drug markets in Australia and New Zealand" ...
November 20, 2025 at 9:29 AM
'... one operator failed to detect an intrusion for 520 days, then waited another 84 days before notifying ...

'Mining and manufacturing companies that detected breaches ... taking on average an extra 39 days to report incidents once detected.
November 20, 2025 at 9:24 AM
'The captain and first officer told police after the plane landed that Emerson said: “I’m not OK” just before he reached up to pull the handles. They were able to stop him before he pulled the handles all the way down, the affidavit said.
November 20, 2025 at 9:08 AM
'In Victoria, plumbers are covered by a unique policy called the Licensed Plumbers General Insurance Order 2002, introduced by ministerial order, to protect home owners if plumbing work fails.
November 20, 2025 at 9:06 AM
'France's Louvre Museum will install 100 external cameras by the end of 2026 as part of measures to tighten security after last month's spectacular heist.

'... ties with Paris police would be tightened with the installation of an "advanced police station ...'
November 20, 2025 at 8:53 AM
As someone who has spent the past four-years-and-a-bit doing a PhD on the regulation of CNI assets and their software supply chains, to say geoeconomics is of interest to me is an understatement.

Allow me to indulge my fondness for the subject: open.substack.com/pub/atechnol...
Geoeconomics Makes the World Go Round
Planning for the future and then some
open.substack.com
November 20, 2025 at 5:03 AM
'... triggered by a change to one of our database systems' permissions which caused the database to output multiple entries into a “feature file” used by our Bot Management system. That feature file, in turn, doubled in size.
November 19, 2025 at 8:49 AM
'The European Supervisory Authorities (EBA, EIOPA, and ESMA – the ESAs) publish today the list of designated critical ICT third-party providers (CTPPs) under [DORA] ...
November 19, 2025 at 8:45 AM
From a fascinating piece by @SamuelBashfield:

'On Direction Island in Cocos, a memorial marks the 1914 raid by the German light cruiser SMS Emden, which destroyed cable station infrastructure before being engaged by HMAS Sydney in one of the first naval battles ...
November 19, 2025 at 8:37 AM
'They spotted an opportunity in Changxing to move up the value chain: to produce purified terephthalic acid (PTA), a white powder used for making polyester.
November 19, 2025 at 8:33 AM
'That’s an interesting fictional choice—except that DSP hasn’t been the United States’ primary missile warning system for more than a decade. That role belongs to the Space-Based Infrared System (SBIRS), ...
November 19, 2025 at 8:28 AM
'After a one-time setup where you delegate publishing authority to your platform, it automatically obtains short-lived, scoped tokens for each build—no manual token management required.

'... ~45,000 projects configured for Trusted Publishing on PyPI so far.
November 19, 2025 at 8:26 AM
'... U.S. troops are now involved in virtually continuous training and drills at different points in the archipelago.

'... the two sides agreed to more than 500 joint engagements for 2026, from large-scale exercises to exchanges of experts on smaller topics ...
November 19, 2025 at 8:13 AM
'... despite the warnings [about the shortened runway] being communicated [in a NOTAM] ... and broadcast over the radio by the automatic terminal information service.
November 19, 2025 at 8:02 AM
'Headline GDP is projected to have grown by 0.2% in Q3, a little less than expected in the August Report. That reflects weaker-than-expected growth in exports to the US, as well as disruption linked to the Jaguar Land Rover cyberattack'.
November 19, 2025 at 7:53 AM
'There are no objective metrics for measuring interoperability ... NATO itself lacks a singular method for measuring interoperability.
November 19, 2025 at 7:51 AM
From a joint statement of the FVEY telecoms/adjacent agencies on telecoms security:

'... importance of exploring harmonisation opportunities and coordinated regulatory approaches ...
November 19, 2025 at 7:47 AM
'... over 86,000 malicious packages to the NPM registry, affecting at least eleven NPM users. This attack focuses on creating new packages rather than stealing credentials or engaging in other, more immediately malicious behaviours.
November 19, 2025 at 7:42 AM
'... a self-replicating attack pattern where threat actors automatically generate and publish packages to earn cryptocurrency rewards without user awareness ...

'... over 150,000 malicious packages.

'Coordinated publishing activity across multiple developer accounts'.
November 19, 2025 at 7:38 AM
‘German corporate investment in China jumped €1.3 billion ($1.5 billion) between 2023 and 2024, hitting €5.7 billion ...

‘[Berlin’s] still reluctant to intervene in foreign investment decisions. One senior German official quipped that it’s historically not in the country’s DNA
November 19, 2025 at 7:19 AM
'Almost £15 million from the Advancing CHERI RISC-V Devices competition will help three companies to get CHERI-enabled hardware into real products.
November 19, 2025 at 7:09 AM
'... ANSSI and BSI are committed to work together to jointly develop a set of sovereignty criteria based on the newly published EU Cloud Sovereignty Framework, ...
November 19, 2025 at 7:07 AM
'... used a zero-day vulnerability in a third-party software platform and copied certain data from the internal IT system ... data likely included limited information about employees and consumers and data relating to customers and suppliers.
November 19, 2025 at 7:06 AM
Goodness me, I am astonished that a marketing release was misleading.
arstechnica.com/security/202...
Researchers question Anthropic claim that AI-assisted attack was 90% autonomous
The results of AI-assisted hacking aren’t as impressive as many might have us believe.
arstechnica.com
November 19, 2025 at 7:05 AM
'In the second quarter of 2025, 10.6 per cent of "price intervals" ... recorded negative or zero prices, up from 7 per cent in the same period a year earlier ...
November 19, 2025 at 7:03 AM