Skip to content

Posts by Paul Rosenzweig

Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Distinguished Visiting Fellow at the Homeland Security Studies and Analysis Institute. He also serves as a Professorial Lecturer in Law at George Washington University, a Senior Editor of the Journal of National Security Law & Policy, and as a Visiting Fellow at The Heritage Foundation.

Sony Counter Attacks

By
Thursday, December 11, 2014 at 11:32 AM

The reality of conflict (not war) in the cyber domain — Sony is now reported to be launching DDoS attacks against the hackers attempting to distribute its confidential documents: Sony has launched a counterattack against people trying to download leaked files stolen from its servers after a massive hack. Re/code is reporting that Sony is . . .
Read more »

Mysterious ’08 Turkey Pipeline Blast Opened New Cyberwar Era

By
Wednesday, December 10, 2014 at 1:47 PM

Bloomberg has the story.  For those who think that cyber conflict is a bit of a myth, this is a cautionary tale.  From the opening: The pipeline was outfitted with sensors and cameras to monitor every step of its 1,099 miles from the Caspian Sea to the Mediterranean. The blast that blew it out of . . .
Read more »

Congress Tries To Stop the IANA Transition — But Does It?

By
Wednesday, December 10, 2014 at 10:57 AM

By now, readers of this blog are aware of the decision by the Obama Administration to relinquish the last vestiges of control of the Internet Assigned Numbers Authority (known as the IANA function).  The IANA function is currently operated by a non-profit corporation, the Internet Corporation for Assigned Names and Numbers (ICANN), under contract to . . .
Read more »

Lawfare Buys a Bitcoin — Introduction

By
Tuesday, December 9, 2014 at 8:04 AM

Lawfare has decided to buy a bitcoin. We do this not as an investment but as an experiment in journalism. Buying a bitcoin will let us explore the mechanics of how the market works and also give us a fun platform to look at some of the legal and policy issues surrounding crypto-currency. This introductory . . .
Read more »

Cyber Supply Chain Security

By
Tuesday, December 2, 2014 at 11:30 AM

There are many ways to think about enhancing cybersecurity.  One, for example, is the prospect of software liability, which would, drive safer code. Another, interesting take on the problem has just been offered by Representative Ed Royce, the Chairman of the House Committee on Foreign Affairs — a proposal that he dubs the “Cyber Supply . . .
Read more »

Labor Relations and Chemical Security

By
Monday, December 1, 2014 at 5:23 PM

You wouldn’t think that labor relations were related to chemical security, but they are (or at least they may be).  The security of our chemical facilities is governed by the CFATS — the Chemical Facility Anti-Terrorism Standards (6 CFR Part 27). CFATS are promulgated by DHS pursuant to Section 550 of the Department of Homeland . . .
Read more »

Jeh Johnson for Secretary of Homeland Security

By
Wednesday, November 26, 2014 at 3:01 PM

Rumor has it, that Jeh Johnson, the current Secretary of DHS, is being considered for appointment as the next Secretary of Defense.  Don’t do it Mr. Johnson.  Don’t do it President Obama. I say this, not because I think Johnson would do a bad job.  To the contrary, I’m sure that as a dedicated public . . .
Read more »

Huawei at Fed Ex Field

By
Monday, November 24, 2014 at 3:16 PM

So … Huawei has announced that it will sponsor the Wi-Fi at Fed Ex field for the Suite level.  Any one out there worried, in the least, that Huawei might tap the communications there?  Given how “movers and shakers” all use the Suite level, the richness of the target environment is insanely large.  And how . . .
Read more »

A Charlie Brown Congress

By
Monday, November 24, 2014 at 9:12 AM

Sometimes metaphors are subtle … but sometimes they just slap you in the face.  So it has been the past two days as my wife and I went walking on Capitol Hill.  As we did we saw the Congressional Christmas tree being planted in all its splendor. Except it wasn’t that splendid.  It reminded us . . .
Read more »

Executive Discretion and Immigration Law

By
Friday, November 21, 2014 at 12:32 PM

Earlier this week Ben posted his own thoughts on the President’s exercise of prosecutorial discretion in the enforcement of our immigration laws.  Now, we have the DOJ OLC opinion justifying the President’s actions, and a preliminary response from Gabriel Malor.  I am sure that much ink will be spilled regarding the topic in coming days . . .
Read more »

Congressional Action on ICANN Accountability

By
Wednesday, November 19, 2014 at 11:51 AM

As readers of this blog know, the United States is in the midst of a transition that will, when completed, give up its contractual control of the Internet Assigned Numbers Authority (IANA).  That authority is currently conducted by the Internet Corporation for Assigned Names and Numbers (ICANN) under contract to the Department of Commerce.  Current . . .
Read more »

The .IR, .KP and .SY Domains Are “Safe”

By
Friday, November 14, 2014 at 1:21 PM

A couple of months ago, I noted an interesting law suit brought by several victims of terrorist attacks. They had secured default money judgments against Iran, North Korea and Syria for those country’s alleged complicity in supporting terror and their own resulting injuries. Sadly, for the victims, none of these countries had assets subject to . . .
Read more »

Privacy as a Utilitarian Value

By
Wednesday, November 12, 2014 at 9:30 AM

The Privacy and Civil Liberties Oversight Board is is an advisory body to assist the President and other senior Executive branch officials in ensuring that concerns with respect to privacy and civil liberties are appropriately considered in the implementation of all laws, regulations, and executive branch policies related to war against terrorism.    On November 12th . . .
Read more »

More on Pass Phrases and Fingerprints …. Gestures

By
Saturday, November 8, 2014 at 9:36 AM

Yesterday I posted a short blog on an interesting VA decision regarding the application the Fifth Amendment privilege to the question of unlocking cell phones and other devices.  The short summary is that the court held that compelling disclosure of a pass phrase or code was protected and could not be compelled, but that the . . .
Read more »

Bits and Bytes

By
Friday, November 7, 2014 at 2:15 PM

The Russians are Coming.  A trojan horse malware program has deeply penetrated US critical infrastructure and the Russians are probably behind it. The Crypto-Libertarians are Not Coming.  More than 400 Dark Web sites, including the infamous Silk Road 2.0 have been taken down in a joint US-EU law enforcement operation.  Some of the sites operated . . .
Read more »

Pass Phrases Protected; Fingerprints Not — Curiouser and Curiouser

By
Friday, November 7, 2014 at 8:58 AM

One of the most engaging contemporary debates is about the efficacy and utility of encryption as a means of protecting privacy. I’ve written, in the past, about how encryption works and about the growing body of Fifth Amendment law protecting users against compelled disclosure of their passphrases. The developing doctrine and technology is sufficiently alarming . . .
Read more »

Axiom — A Chinese APT

By
Tuesday, October 28, 2014 at 4:39 PM

And just to prove that we are equal-opportunity victims, I also saw, today, this report from Novetta on “Operation SMN” – a report on a Chinese APT dubbed Axiom.  Here’s a bit of the Executive Summary: Axiom is responsible for directing highly sophisticated cyber espionage operations against numerous Fortune 500 companies, journalists, environmental groups, pro-democracy . . .
Read more »

Russian APT28

By
Tuesday, October 28, 2014 at 11:58 AM

We tend to focus our attention on Chinese APT cyber threats for good reason — they tend to be more overt and focus on American business interests.  But we should not lose sight of the fact that Russian cyber skills are just as good (perhaps even better) than Chinese ones. And now, FireEye has reminded . . .
Read more »

Bits and Bytes

By
Monday, October 27, 2014 at 5:02 PM

Two cyber related items today: The FCC is now in the cybersecurity business.  It’s $10M fine is the first of its kind to be levied against a telecom that, allegedly, stored personal information with inadequate firewalls, encryption and password protection.  We now face the exciting prospect of regulatory competition — the FCC will regulate cybersecurity . . .
Read more »

Border Security Today

By
Friday, October 10, 2014 at 1:55 PM

DHS Secretary Jeh Johnson gave a very useful speech earlier this week at the Center for Strategic and International Studies.  Entitled “Border Security in the 21st Century,” it provides a detailed overview of how our effort to secure the border (most notably, of course, the southwestern border) has matured in this century.  The entire text . . .
Read more »