Ravi Nayyar
@ravirockks.bsky.social
Critical Software + CNI Law | PhD Candidate at the University of Sydney | Fellow @ASPI-org.bsky.social | Associate Fellow at the Social Cyber Institute | Blogging @atechnolegalupdate.substack.com | Cricket, #Bloods | #KalikaMataKiJai
Pinned
Ravi Nayyar
@ravirockks.bsky.social
· Jan 6
Tangos in the Tangled Web
Stuff Ravi's written on all things software supply chain x security x law
open.substack.com
G’Day,
Since folks are increasingly talking about software supply chain risks to national security, here's a collection of my work on the subject.
Going back to 2022.
Since folks are increasingly talking about software supply chain risks to national security, here's a collection of my work on the subject.
Going back to 2022.
63*
Forever.
Om Shanti.
Forever.
Om Shanti.
November 28, 2025 at 12:18 AM
63*
Forever.
Om Shanti.
Forever.
Om Shanti.
Mapping the supply chains for an adversary's aviation industrial base - on the reading list!
cc: @guyyeomans.bsky.social, @ciaranm.bsky.social
www.rusi.org/explore-our-...
cc: @guyyeomans.bsky.social, @ciaranm.bsky.social
www.rusi.org/explore-our-...
Vulnerabilities in Sukhoi Production: Clipping Russia’s Wings
This research paper examines the critical vulnerabilities in the production of Russia’s Sukhoi combat aircraft and its implications for NATO and global defence markets.
www.rusi.org
November 27, 2025 at 1:21 AM
Mapping the supply chains for an adversary's aviation industrial base - on the reading list!
cc: @guyyeomans.bsky.social, @ciaranm.bsky.social
www.rusi.org/explore-our-...
cc: @guyyeomans.bsky.social, @ciaranm.bsky.social
www.rusi.org/explore-our-...
'The data is associated with the OnSolve CodeRED platform, which many counties, cities and towns use to send out [emergency] information ...
'... damage to the OnSolve CodeRED environment ... fully contained within that environment ...
'... damage to the OnSolve CodeRED environment ... fully contained within that environment ...
November 27, 2025 at 1:06 AM
'The data is associated with the OnSolve CodeRED platform, which many counties, cities and towns use to send out [emergency] information ...
'... damage to the OnSolve CodeRED environment ... fully contained within that environment ...
'... damage to the OnSolve CodeRED environment ... fully contained within that environment ...
'The Royal Borough of Kensington and Chelsea (RBKC), and Westminster city council, which share some IT infrastructure, said a number of systems had been affected across both authorities, including phone lines.
November 27, 2025 at 1:02 AM
'The Royal Borough of Kensington and Chelsea (RBKC), and Westminster city council, which share some IT infrastructure, said a number of systems had been affected across both authorities, including phone lines.
Recall from earlier this month
November 27, 2025 at 12:58 AM
Recall from earlier this month
'More than 14,000 Optus services in Frankston and the Mornington Peninsula were affected ...
'[Optus] do have photo evidence, very clear, that there has been a cut made ...
'[Optus] do have photo evidence, very clear, that there has been a cut made ...
November 27, 2025 at 12:56 AM
'More than 14,000 Optus services in Frankston and the Mornington Peninsula were affected ...
'[Optus] do have photo evidence, very clear, that there has been a cut made ...
'[Optus] do have photo evidence, very clear, that there has been a cut made ...
'Overnight, Sydney Trains said engineers were on the ground inspecting and rectifying damage after severe weather brought down trees onto power lines, impacting energy supply to the network.
November 27, 2025 at 12:51 AM
'Overnight, Sydney Trains said engineers were on the ground inspecting and rectifying damage after severe weather brought down trees onto power lines, impacting energy supply to the network.
On the reading list.
The anniversary was only yesterday. I remember being in New Delhi on holiday with my parents, watching the attack unfold on live television, utterly shocked.
mwi.westpoint.edu/mumbai-under...
The anniversary was only yesterday. I remember being in New Delhi on holiday with my parents, watching the attack unfold on live television, utterly shocked.
mwi.westpoint.edu/mumbai-under...
Mumbai Under Siege: An Urban Warfare Project Case Study - Modern War Institute
Sixty hours. That's how long ten members of the Pakistan-based Lashkar-e-Taiba terrorist group effectively kept the Indian city of Mumbai under siege after they beached their boats on the evening of N...
mwi.westpoint.edu
November 27, 2025 at 12:49 AM
On the reading list.
The anniversary was only yesterday. I remember being in New Delhi on holiday with my parents, watching the attack unfold on live television, utterly shocked.
mwi.westpoint.edu/mumbai-under...
The anniversary was only yesterday. I remember being in New Delhi on holiday with my parents, watching the attack unfold on live television, utterly shocked.
mwi.westpoint.edu/mumbai-under...
'... fortunately many packages have already been reclaimed by their owners, including those from Zapier and Postman, and the malicious versions have been removed from npm.
November 26, 2025 at 4:17 AM
'... fortunately many packages have already been reclaimed by their owners, including those from Zapier and Postman, and the malicious versions have been removed from npm.
I flagged DG ASIO's remarks in my recent essay on physical security: open.substack.com/pub/atechnol...
November 26, 2025 at 12:53 AM
I flagged DG ASIO's remarks in my recent essay on physical security: open.substack.com/pub/atechnol...
'A police sergeant was left unable to drive, shower or dress herself after a Palestine Action activist allegedly hit her with a sledgehammer during a break-in at an Israeli defence firm's UK site, a trial has heard.
November 26, 2025 at 12:49 AM
'A police sergeant was left unable to drive, shower or dress herself after a Palestine Action activist allegedly hit her with a sledgehammer during a break-in at an Israeli defence firm's UK site, a trial has heard.
'It estimates up to 310,000 of the 1.2 million housing target would have to be built in outer suburbs by mid-2029.
November 26, 2025 at 12:01 AM
'It estimates up to 310,000 of the 1.2 million housing target would have to be built in outer suburbs by mid-2029.
'[Telstra's] backup power systems kept many services online for as long as possible, and we've been progressively restoring a number of our sites throughout last night and today
'... Telstra had restored 90 mobile sites by Tuesday afternoon.
'... Telstra had restored 90 mobile sites by Tuesday afternoon.
November 25, 2025 at 11:57 PM
'[Telstra's] backup power systems kept many services online for as long as possible, and we've been progressively restoring a number of our sites throughout last night and today
'... Telstra had restored 90 mobile sites by Tuesday afternoon.
'... Telstra had restored 90 mobile sites by Tuesday afternoon.
'The setback comes just weeks after Luke Pollard, the [UK] defence minister, showcased the Ajax fleet and declared them “safe”.
'Sources said the Iron Fist drill was immediately halted after troops reported “tingling hands, ringing in their ears and feeling sick”.
'Sources said the Iron Fist drill was immediately halted after troops reported “tingling hands, ringing in their ears and feeling sick”.
November 25, 2025 at 11:53 PM
'The setback comes just weeks after Luke Pollard, the [UK] defence minister, showcased the Ajax fleet and declared them “safe”.
'Sources said the Iron Fist drill was immediately halted after troops reported “tingling hands, ringing in their ears and feeling sick”.
'Sources said the Iron Fist drill was immediately halted after troops reported “tingling hands, ringing in their ears and feeling sick”.
'Exhausted delegates had long trips home ahead of them. Belém, while vibrant, was an incredibly expensive and hard-to-reach venue for negotiators from other continents.
November 25, 2025 at 11:48 PM
'Exhausted delegates had long trips home ahead of them. Belém, while vibrant, was an incredibly expensive and hard-to-reach venue for negotiators from other continents.
‘The [Wachbataillon] soldiers are expanding their infantry capabilities to protect federal government infrastructure in a crisis.
‘… a city such as Berlin posed many combat challenges including narrow streets, tall buildings, poor visibility and radio communication disruptions.
‘… a city such as Berlin posed many combat challenges including narrow streets, tall buildings, poor visibility and radio communication disruptions.
November 25, 2025 at 8:02 AM
‘The [Wachbataillon] soldiers are expanding their infantry capabilities to protect federal government infrastructure in a crisis.
‘… a city such as Berlin posed many combat challenges including narrow streets, tall buildings, poor visibility and radio communication disruptions.
‘… a city such as Berlin posed many combat challenges including narrow streets, tall buildings, poor visibility and radio communication disruptions.
‘The vendor, SitusAMC, has been deployed by hundreds of banks and other lenders to help originate and collect money from real estate loans and mortgages.
‘SitusAMC, based in New York, has around 5,000 employees and is owned by several private equity firms.
‘SitusAMC, based in New York, has around 5,000 employees and is owned by several private equity firms.
November 25, 2025 at 7:47 AM
‘The vendor, SitusAMC, has been deployed by hundreds of banks and other lenders to help originate and collect money from real estate loans and mortgages.
‘SitusAMC, based in New York, has around 5,000 employees and is owned by several private equity firms.
‘SitusAMC, based in New York, has around 5,000 employees and is owned by several private equity firms.
Aka a chunk of my PhD.
therecord.media/software-com...
therecord.media/software-com...
Software companies must be held liable for British economic security, say MPs
A lack of liability for software vendors is putting Britain’s economic and national security at risk, an influential committee of lawmakers warned on Monday.
therecord.media
November 25, 2025 at 7:44 AM
Aka a chunk of my PhD.
therecord.media/software-com...
therecord.media/software-com...
‘We frequently hear from small, fast-growing companies that it can take time for them to get their governance systems and processes up to scratch when they’re growing quickly. But they never seem to have much trouble …
archive.md
November 25, 2025 at 7:40 AM
‘We frequently hear from small, fast-growing companies that it can take time for them to get their governance systems and processes up to scratch when they’re growing quickly. But they never seem to have much trouble …
‘By the end of this week, [DroneShield’s] shares were down 80 per cent from the peak as the company issued a mea culpa and promised to bring in advisers to review its trading policies, its disclosure processes and its media dealings.
November 25, 2025 at 7:37 AM
‘By the end of this week, [DroneShield’s] shares were down 80 per cent from the peak as the company issued a mea culpa and promised to bring in advisers to review its trading policies, its disclosure processes and its media dealings.
‘They promise to “redefine security” but can’t even explain what problem they’re solving. They’re built for funding rounds, not production … the same core vulnerabilities keep wrecking companies year after year.
November 25, 2025 at 7:27 AM
‘They promise to “redefine security” but can’t even explain what problem they’re solving. They’re built for funding rounds, not production … the same core vulnerabilities keep wrecking companies year after year.
‘… £155 million that will boost the UK’s resilience and global leadership in [PNT] …
‘This will support a programme of work to boost the resilience of UK PNT – including initial work that would provide PNT that is independent of signals from satellites, …
‘This will support a programme of work to boost the resilience of UK PNT – including initial work that would provide PNT that is independent of signals from satellites, …
November 25, 2025 at 7:17 AM
‘… £155 million that will boost the UK’s resilience and global leadership in [PNT] …
‘This will support a programme of work to boost the resilience of UK PNT – including initial work that would provide PNT that is independent of signals from satellites, …
‘This will support a programme of work to boost the resilience of UK PNT – including initial work that would provide PNT that is independent of signals from satellites, …
‘This suggests that collaboration is not seamless between the agencies on all topics – at times it still needs to be shepherded. And, as The Times highlighted, perhaps on policy areas – such the proscription of terrorist groups – ‘jointery’ is much more difficult.
November 25, 2025 at 7:14 AM
‘This suggests that collaboration is not seamless between the agencies on all topics – at times it still needs to be shepherded. And, as The Times highlighted, perhaps on policy areas – such the proscription of terrorist groups – ‘jointery’ is much more difficult.
The Germans have enacted a law to strengthen governmental cybersecurity.
www.bundestag.de/dokumente/te...
www.bundestag.de/dokumente/te...
Deutscher Bundestag - Gesetz zur Informationssicherheit in der Bundesverwaltung beschlosse...
Der Bundestag hat am Donnerstag, 13. November 2025, nach halbstündiger Debatte den Gesetzentwurf der Bundesregierung „zur Umsetzung der NIS-2-Richtlinie und zur Regelung wesentlicher...
www.bundestag.de
November 25, 2025 at 7:04 AM
The Germans have enacted a law to strengthen governmental cybersecurity.
www.bundestag.de/dokumente/te...
www.bundestag.de/dokumente/te...
Looks a great resource.
www.gov.uk/government/c...
www.gov.uk/government/c...
Cyber security guidance for business
Guidance to help businesses and organisations improve online security and protect against cyber threats.
www.gov.uk
November 25, 2025 at 7:00 AM
Looks a great resource.
www.gov.uk/government/c...
www.gov.uk/government/c...