In 2008, Carr founded Project Grey Goose, a crowd-sourced open-source intelligence effort to attribute major cyber attacks.[2][3][4] The Project soliticited the expertise of vetted volunteers, while seeking to filter out non-experts and cyber criminals. The Project's first area of research was the campaign of cyberattacks during the Russo-Georgian War.[1]
In 2011, Carr created the Suits and Spooks conference series, which offered a private forum for intelligence veterans to meet with technologists, academics, hackers, and business executives. The forum was acquired by Wired Business Media in 2014.[5]
Carr was the founder of now-defunct cybersecurity firms Taia Global Ltd (also founder) and GreyLogic. He later wrote about the lessons he gained from their failures.[6][1][7]
He is the author of Inside Cyber Warfare: Mapping the Cyber Underworld (O'Reilly Media 2009, 2011), which analyzed cyber conflicts from 2002 until 2009.[9][10][11] In Cyber Warfare, Carr argued that international cyber attacks are predominantly deployed by non-state actors, who are sometimes encouraged and tolerated by state entities.[1] Alternately, as Carr later told The Christian Science Monitor, it is private IT infrastructure, rather than government policy, that lies at the heart of US vulnerability to international cyber attacks.[12]
Jeffrey Carr has blogged about cyber security and warfare at Intelfusion.net[1][4] (until September 1, 2010) and Forbes' The Firewall.[13][14][15][16] Carr said he had quit The Firewall in protest, after his post on Yuri Milner's relationship to the Russian FSB was taken down by Forbes at the request of Milner's lawyer.[17]
In March 2017, Carr stated there was growing doubt in the computer security industry regarding the narrative of Russian state sponsorship of hacks associated with the 2016 US elections. Carr stated that, because the FBI relied on forensic investigations by global cybersecurity consultancy CrowdStrike, "everyone else is relying on information they provided."[18] Several notable competitors of CrowdStrike, including Symantec and FireEye examined the underlying data and endorsed CrowdStrike's conclusions.[19]
Professional publications
“The Classification of Valuable Data in an Assumption of Breach Paradigm”, Georgetown Journal of International Affairs, March 2014
“The Misunderstood Acronym: Why Cyber Weapons aren’t WMD”, Bulletin of the Atomic Scientists, Sept 1, 2013, Vol, 69, No. 5, p. 3237
“Intelligence Preparation of the Information and Communications Environment”, Air & Space Power Journal, 2012, Vol 24, No. 3
^Marks, Larry (4 July 2013). "Inside Cyber Warfare, Mapping the Cyber Underworld, by Carr, Jeffrey". Information Security Journal: A Global Perspective. 22 (4): 201–202. doi:10.1080/19393555.2013.828804. ISSN1939-3555. S2CID44346810.