A new effort to build patrol drones for urban fights began by forming an ethics advisory board.

DARPA program seeks AI-infused drones that can help prevent friendly fire and civilian casualties in urban battles. But the truly innovative part of the URSA effort might be the inclusion of ethics advisors from the very start.

“It’s the first time we’ve considered this program approach. Certainly [before] we might consider it at the end,” said Lt. Col. Philip Root, program manager for the Urban Reconnaissance through Supervised Autonomy program. “It’s not that program managers shy away from that, but here we wanted to try something different which was invoke this analysis early on, and it’s proven to be absolutely essential.”

Root said URSA aims to collect information about people in complex warfighting environments, in order to help humans understand who is a threat.

“We really want to try to ensure we allow non-hostiles, non-combatants, to move out of the way. Future urban conflict is going to take place in large cities where the population can’t just go to the mountains,” Root said. “So we have to consider that all this is going to occur around people who don’t want to be there.”

Root said the development of such technology that interacts with humans is “fraught with legal, moral, and ethical implications,” which is why the ethics team was involved in the outset.

“We met [with the ethicists] even before we had technical performers on contract to begin thinking about the ethical problems we have and actually putting it on paper,” Root said. “Don’t know if the technical [side] will actually work, but we know it will be far more ethical and aligned with our national ethos.”


Increasingly, attackers are targeting the most vulnerable people inside companies and exploiting their weaknesses.

SAN FRANCISCO – Companies keep watchful eyes on disgruntled employees who are insider threat risks. But Code42’s CISO Jadee Hanson said distraught employees, that are particularly vulnerable to outside ploys, should be equally scrutinized.

Hanson said factors such as terminal illnesses, divorce or personal tragedies can be used against employees by attackers in the form of phishing emails that contain risky attachments and links. She said more companies are now trying to identify these “high risk” employees before external attackers do.

“If I can get the person in the finance department of a company to wire money to someone because I’m preying off of something that is going wrong in her life, and I’m threatening to tell her boss, that’s a much higher payoff to me than sending the mass phishing attack to everybody in the company,” Hanson told Threatpost in an interview at the RSA Conference 2019 last week.

She said adversaries are combing through social media and any other type conversation threads they can get their hands on to find a target who may be contributing to a survivor or support message board.



** What follows is a transcript of the interview **

Tom Spring: Hi. We’re here at Broadcast Alley at RSAConference in San Francisco, and I’m joined by Jadee Hansen with Code42. Jadee, please introduce yourself.

Jadee Hansen: I’m Jadee Hansen. I’m the CISO at Code42 and also lead our IT team.

Tom Spring: Well, Jadee, welcome to Threatpost Broadcast Alley. I was really intrigued by our last conversation when we were talking about different types of cybersecurity as it pertains to not just firewalls but more specifically towards insider threats and the unique ways that the adversaries are exploiting insider threats, which I honestly hadn’t considered until you shared them with me. Can you talk a little bit about your insider threat perspective and some of the new threat landscapes you’re seeing there?

Jadee Hansen: Absolutely. Yeah. You know, from a security perspective, we’re very focused on the external actor and sometimes lose sight of the internal threat that we should be all aware of. There was something that was just released this week on the Verizon data breach report talking about the rise of the insider threat issues and classifying them as either malicious or non-malicious, and it’s fascinating.

We like to think that all the employees that we work with love where they work and wouldn’t do anything to harm our company. However, we’ve seen it play out how insiders and how employees of companies absolutely take advantage of the companies that they work for.

Tom Spring: You know what is interesting, though, was what you were talking about when it comes to adversaries taking advantage of people’s, I don’t know, for lack of a better term, psychological vulnerabilities.


Shippers, retailers and restaurants are experimenting with robots, drones and self-driving cars in a bid to use automation to drive down the high cost of delivering gadgets, groceries and even cups of coffee the “last mile” to consumer doorsteps.

FedEx is teaming up with DEKA Development & Research Corp, whose founder Dean Kamen invented the Segway stand-up scooter and iBot stair-climbing wheelchair, for its project. The delivery company said the robots could become part of its SameDay service that operates in 1,900 cities around the world.


The battery-powered robots look like coolers on wheels. Cameras and software help them detect and avoid obstacles as they roam sidewalks and roadways at a top speed of 10 miles (16 km) per hour.

The project must win approval in test cities, including the shipper’s hometown of Memphis, and the first deliveries will be between FedEx office stores.

On average, more than 60 percent of merchants’ customers live within three miles of a store location. FedEx said it is working with its partners, which also include AutoZone Inc and Target Corp, to determine if autonomous delivery to them is a viable option for fast, cheap deliveries.


The “last mile” to the home accounts for 50 percent or more of total package delivery costs. Restaurants pay third-party delivery companies like Uber Eats, DoorDash and GrubHub commissions of 10-30 percent per order.

Investors and companies are pouring millions of dollars into projects aimed at lowering those costs and overcoming regulatory hurdles. For safety reasons, many states want autonomous vehicles to have humans as emergency backup drivers.


U.S. officials recently detailed an offensive cyber operation undertaken by U.S. Cyber Command to The Washington Post, revealing how the military blocked Internet access to St. Petersburg’s Internet Research Agency on the day of the U.S. midterm elections last year.

“The operation marked the first muscle-flexing by U.S. Cyber Command, with Intelligence from the National Security Agency, under new authorities it was granted by President Trump and Congress last year to bolster offensive capabilities,” writes the Post’s Ellen Nakashima.

Military offensive cyber operations were just one of the important global issues that we discussed recently with Cipher Brief Expert Dr. James Miller, former Under Secretary of Defense for Policy from 2012-2014.

In a Cipher Brief Exclusive, we asked Dr. Miller to outline his biggest concerns when it comes to future global cyber challenges.  Dr. Miller has spoken in the past at the International Conference on Cyber Engagement, being held this year on April 23, and hosted by Catherine Lotrionte and the Atlantic Council. 

Status of Military Operations in Cyberspace – Cyber Deterrence and Military Offensive Operations

Miller: I’m focused on the status of military operations in cyberspace, both on a day-to-day basis, and including issues related to cyber deterrence. The Defense Science Board has done some work on that topic, and Cyber Command has laid out their new vision to achieve, and maintain, cyberspace superiority.

The discussion has changed over the last few months, and I think our allies and partners as well as our potential adversaries, would welcome a continued conversation on that topic. The United States needs to listen to our allies and partners, as well as the perspective of our potential adversaries, in understanding what that competition looks like, where the potential for escalation is and so forth.

International Norms

Miller: Something I’ve discussed a lot with Catherine Lotrionte, and something that she has focused on quite a bit during her past conferences, has been on the issue of international norms.

Again, there have been some interesting recent developments.  The UN GGE (Group of Governmental Experts) did some good work several years ago. This past December, they adopted a resolution focused on advancing responsible state behavior in cyberspace.   We also have the Paris Call for Trust and Security in Cyberspace, and there are additional works that have been underway by some of our allies and partners.  I’ve been thinking about those norms both for governments and for the private sector and how they interact.  On that thought, an extension of the Paris call is the Cybersecurity Tech Accord, where the private sector is beginning to assert, in some pretty strong ways, what it will and won’t do.  This is both a challenge and an opportunity for the United States.

Working with Allies and Partners on Cyber Defense

Miller:  The topic of where we are right now in working with our allies and partners in cyber really intersects with the previous two issues.

There have been important recent developments including the last NATO summit with the opening of the Cyber Operations Center.  If you think about this in the NATO context, for decades there were two pillars of NATO security; the conventional deterrent and the nuclear deterrent. Less than a decade ago, missile defense was added as a key component, and now cyber over the past six to eight years has begun to work its way in to the defense strategy. Starting with the Cooperative Cyber Defense Center of Excellence in Tallinn, Estonia. And now it’s the Cyber Operations Center, which basically says, “Although NATO doesn’t have offensive cyber capabilities, nations can bring them in.”