Posts by Paul Rosenzweig

Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Distinguished Visiting Fellow at the Homeland Security Studies and Analysis Institute. He also serves as a Professorial Lecturer in Law at George Washington University, a Senior Editor of the Journal of National Security Law & Policy, and as a Visiting Fellow at The Heritage Foundation.

Gmail and the CIA … and China! … and Fox News!

By
Tuesday, May 21, 2013 at 12:00 PM

When I wrote, last week, about the insecurity of Gmail, I was intending to gently mock the idea that the CIA might have such a bad sense of how Gmail works (and the Terms of Service under which it … Read more »

Gmail and the CIA

By
Thursday, May 16, 2013 at 1:37 PM

I’ve been in Germany all week (at the George C. Marshall Center which, for those who don’t know, is a joint US-Germany military think tank and an altogether wonderful place to visit) so I missed some of the details of … Read more »

China Says the Earth is Flat; And Huawei Says it’s Square

By
Wednesday, May 8, 2013 at 3:23 PM

Yesterday, I noted the DoD report which, for the first time, reflected a determination by the US government that a number of cyber intrusions were “attributable directly to the Chinese government and military.”  Today, quite predictably, the Chinese government denied Read more »

CISPA – An Assessment

By
Tuesday, May 7, 2013 at 11:50 AM

As most readers are aware, in the midst of the national turmoil following the bombings in Boston, the House of Representatives passed a version of the Cybersecurity Intelligence Sharing and Protection Act (CISPA) by a vote of 288-127. As I Read more »

DoD Says Earth is Round ….

By
Monday, May 6, 2013 at 4:04 PM

OK … it isn’t that bad.  But it does say something when it is noteworthy that DoD has now officially acknowledged that the Chinese military are a source of cyber intrusions in the United States. The full text of the … Read more »

New Tech and National Security Law — Memoto

By
Thursday, May 2, 2013 at 2:00 PM

One of the fun parts of working in the cybersecurity field is that you often come across new technology that is interesting, dismaying, disturbing or just plain cool.  Sometimes the technology is all of those at the same time.  And … Read more »

Surveillance and Cyberspace

By
Monday, April 29, 2013 at 1:37 PM

As Raffaela has already noted, in today’s Washington Post there is a fascinating story about government plans to require new cyber communications technologies to provide a means by which the government can intercept communications.  The problem, briefly stated, is … Read more »

UK Considers Withdrawing from European Convention on Human Rights

By
Sunday, April 28, 2013 at 1:03 PM

In mid-March, I noted a speech by Home Secretary Theresa May, in which she advanced the idea that the UK should consider withdrawing from the European Convention on Human Rights.  As I noted then, the European Court on Human … Read more »

Court Prohibits Government Hack Back

By
Wednesday, April 24, 2013 at 5:05 PM

This report from today’s Wall Street Journal is fascinating.  It involves the decision of a Magistrate Judge to deny a government application for a search warrant in which the government proposed to install surreptitious software on the target computer (putatively … Read more »

Cybersecurity, Einstein 3 and Privacy

By
Monday, April 22, 2013 at 3:35 PM

Einstein 3 is the Federal Government’s expanded system for protecting Federal cyber networks through the inspection of all traffic heading to Federal networks.  It is both an intrusion detection and an intrusion prevention system which operates at the gateways to … Read more »

A Partial Mea Culpa

By
Thursday, April 18, 2013 at 4:00 PM

Readers of this blog will know that I have been skeptical of the International Telecommunications Union and its efforts to update the International Telecommunications Regulations.   I still  am cautious about this, but I had the pleasure of meeting the Secretary … Read more »

CISPA Passes in the House

By
Thursday, April 18, 2013 at 1:58 PM

The House of Representatives has passed the Cybersecurity Intelligence Sharing and Protection Act, by a vote of 288-127.  This happened after several amendments were adopted (most notably one offered by Rep. McCaul to make DHS the venue for information … Read more »

The Dark Future of International Cybersecurity Regulation

By
Wednesday, April 17, 2013 at 3:30 PM

Michael J. Glennon, of Tufts University, has an important new piece out entitled “The Dark Future of Cybersecurity Regulation.”  It’s a realistic view, in my judgement, of the prospects of international cyber treaties.  Here’s a taste from the … Read more »

Today in Cyber on the Hill — CISPA Heads to the House Floor

By
Tuesday, April 16, 2013 at 10:16 PM

It was a busy day on the House side in Cyber.  The House Rules Committee reported out the Cybersecurity Intelligence Sharing and Protection Act for consideration on the House floor tomorrow.  Meanwhile the White House issued a Statement of Administration Read more »

A Typology for Evaluating Active Cyber Defenses

By
Monday, April 15, 2013 at 3:00 PM

As readers of this blog know, many in the US have begun to debate the legal and policy questions surrounding private sector “hack back,” also sometimes known as “active defenses.”  Of course to some of us these defensive measures look … Read more »

German IT Cybersecurity Proposal

By
Monday, April 15, 2013 at 6:00 AM

As America continues to consider legislation for improving cybersecurity, the actions of other Western nations may (or may not) be of influence and interest.  I recently received a management summary of the proposed German IT security legislation being drafted by … Read more »

New Draft of House CISPA Bill

By
Thursday, April 11, 2013 at 9:27 AM

The House Intelligence Committee has released a new draft of the Cybersecurity Intelligence Sharing and Protection Act.  I think it is fair to say that the bill is becoming increasingly more moderate as it goes through iterations.  As originally … Read more »

Great Minds Think Alike — Cyber Liability

By
Friday, April 5, 2013 at 10:21 AM

On the “unusual coincidence” scale this one is pretty high.  Just days after I post a short blog about the idea of changing liability rules for private sector actors in cyberspace, the New York Times publishes an op-ed by Read more »

Thinking About Cybersecurity — A Video Course

By
Friday, April 5, 2013 at 9:54 AM

I hope you will forgive me a bit of self-congratulation.  Today, The Great Courses released a video course that I did for them entitled Thinking about Cybersecurity: From Cyber Crime to Cyber Warfare.   The course is a less academic … Read more »

Building a Cyber Liability System

By
Wednesday, April 3, 2013 at 12:02 PM

Those who follow the blog will know that I am skeptical of the government’s ability to construct a regulatory system for enhancing cybersecurity standards.  I am often asked, however: “well, then what do you support?”   I am pleased to … Read more »

Opposition to the House Computer Fraud and Abuse Act (CFAA) Draft

By
Tuesday, April 2, 2013 at 2:29 PM

Last week I noted that the House Judiciary Committee was  circulating a proposal to reform the Computer Fraud and Abuse Act that was mostly a wish list for the Department of Justice.  Yesterday a diverse group of organizations and individuals … Read more »

The =Real= Internet Kill Switch

By
Sunday, March 31, 2013 at 4:48 PM

Last year, as Congress debated cybersecurity, some worried about an “internet kill switch” — that is, the authority for the President to order access to the internet cut off.  As the debate resumes this year, it is worth … Read more »

The Market for Zero Day Exploits

By
Sunday, March 31, 2013 at 2:33 PM

The Economist has an excellent short article on the growing market for zero-day exploits (that is, vulnerabilities in software).  As my friend Chris Soghoian observed there is more information here than ever before in public sources on the zero-day market.  … Read more »

The Return of Practical Obscurity?

By
Friday, March 29, 2013 at 4:24 PM

The European Union has begun consideration of a new Data Protection Directive that is intended to protect personal information from unwarranted disclosure by corporations or governments.  Among the more controversial aspects of the proposal is the idea of a “Right … Read more »

House Judiciary CFAA Bill

By
Tuesday, March 26, 2013 at 2:19 PM

The House Judiciary Committee has released a draft cyber bill that would modify the Computer Fraud and Abuse Act.  The bill is on a fast track as the House hopes to have a week of “cyber” legislation in the middle … Read more »

Now That’s Dedication

By
Saturday, March 23, 2013 at 9:55 AM

My wife and I live on Capitol Hill.  Every morning we go for a walk.  Today, at 9 AM, as we were coming up the Hill we passed the Supreme Court …. where the line for attending the same-sex marriage … Read more »

Updating the ECPA

By
Tuesday, March 19, 2013 at 4:00 PM

Who says that bipartisanship is dead and that our legislative process doesn’t work?  For those who despair in all cases, take note today of the joint effort by Senators Leahy and Lee to update the Electronic Communications Privacy Act.  … Read more »

Visualizing Cyber Intrusions

By
Friday, March 15, 2013 at 4:59 PM

I was really struck by Raffa’s post last week on how to visualize Senator Paul’s drone filibuster.  It reminded me of the truth I learned long ago in a class taught by Ed Tufte — that a good picture with … Read more »

Human Rights and Counter-Terrorism/Immigration Policy in the UK

By
Tuesday, March 12, 2013 at 1:15 PM

The hits just keep coming today for me — a flood of useful things to post.  This one is about a speech that the UK Home Secretary, Theresa May, gave yesterday in which she proposed that the UK consider withdrawing Read more »

Cybersecurity Resources

By
Tuesday, March 12, 2013 at 10:47 AM

On a good day, cybersecurity is the topic that keeps on giving. Today is one of those days.  I just received a copy of the CRS report, Cybersecurity: Authoritative Reports and Resources which is, as its name suggests, a compendium … Read more »

The Donilon Approach to Cybersecurity

By
Tuesday, March 12, 2013 at 10:13 AM

Raffaella has already beaten me to the punch with her link to Tom Donilon’s speech yesterday to the Asia Society.  For those who want a short version, here’s today’s report in the New York Times.  And for those who want … Read more »

Federalist Society Teleforum on Chinese Cyber Hacking Tomorrow

By
Monday, March 11, 2013 at 1:11 PM

For those of our readers who are members of the Federalist Society, its next “teleforum” conference call is tomorrow (Tuesday 3/12) at 2 p.m. (EST) on the subject of “Cybersecurity And the Chinese Hacker Problem.” The three panelists are Richard … Read more »

The Chinese Definition of Chutzpah

By
Monday, March 11, 2013 at 8:39 AM

An old Yiddish definition of chutzpah is the young man who murders both his parents in cold blood and then throws himself on the mercy of the court because he is an orphan.  Today we have a new Chinese definition … Read more »

Joel Brenner on Chinese Cyber Espionage

By
Saturday, March 9, 2013 at 10:15 AM

Joel Brenner, the former National Counterintelligence Executive at ODNI has an interesting piece in Foreign Policy, entitled “Gray Matter.” [Free login required]. Here’s an excerpt:

We’re in a strategic trap that’s partly economic and partly in our heads.

Read more »

US v. Cotterman — Laptop Searches at the Border Require “Reasonable Suspicion”

By
Friday, March 8, 2013 at 5:12 PM

Breaking news late on a Friday afternoon, addressing both cybersecurity and homeland security/border issues.  The Ninth Circuit sitting en banc has decided US v. Cotterman, a case involving the search of a computer laptop by DHS agents at the … Read more »

Defense Science Board Report on Advanced Cyber Threats

By
Thursday, March 7, 2013 at 11:41 AM

Much of what passes for analysis of cyber threats these days is episodic and anecdotal.  I confess, reluctantly, that despite my own best efforts I sometimes fall into that trap.  I also confess that sometimes anecdotes are clarifying and symbolic, … Read more »

House Committee Jurisdiction and CISPA

By
Tuesday, March 5, 2013 at 3:10 PM

Last year, the House Intelligence Committee passed out a bill, the Cyber Intelligence Sharing and Protection Act (CISPA) that eventually was adopted with bipartisan support in the House of Representatives.  The bill drew a veto threat from President Obama and … Read more »

Denial is now a river in China

By
Saturday, February 23, 2013 at 4:34 PM

The old joke goes:  “What’s denial?”  Answer: “A river in Egypt.”  Apparently it now flows through China too.  Here’s a taste from Global Times:

The absurd allegation that a Chinese military unit is behind cyber attacks against the US government

Read more »

Cybersecurity Readings: Crowdsourcing Cybersecurity

By
Wednesday, February 20, 2013 at 11:04 AM

Gary Shiffman and Ravi Gupta have written an interesting new article: “Crowdsourcing cyber security: a property rights view of exclusion and theft on the information commons.” From the abstract:

Individuals increasingly rely upon the internet for basic economic

Read more »

China is Cyber Guilty

By
Tuesday, February 19, 2013 at 11:50 AM

Apropos of our discussion last week about “Taming the Cyber Dragon” today’s New York Times has an extensive report on how China’s army is directly linked to hacking inside the United States.  For those who want the unvarnished underlying … Read more »

Cyber in the Heart of Darkness

By
Monday, February 18, 2013 at 5:28 PM

One of the most notable challenges in dealing with cybersecurity is the difficulty of adequately conveying the scope and size of cyberspace.  It’s easy to say that there are nearly 2.5 billion internet users in the world (35% of the … Read more »

Taming the Cyber Dragon?

By
Saturday, February 16, 2013 at 10:08 AM

While Ben has often mocked the New York Times for its opinions, the Washington Post has mostly escaped our attention.  To a large degree this reflects the level-headedness of its opinions.  So when it slips into an alternate universe of … Read more »

JNSLP & Georgetown Symposium on “Big Data” — February 27, 2013

By
Wednesday, February 13, 2013 at 11:39 AM

For those who will be in DC on the 27th, I highly recommend this event.  Detailed agenda below the jump:

The Journal of National Security Law & Policy and

The Georgetown Center on National Security and the Law

cordially invite … Read more »

President Obama’s Cyber Executive Order

By
Wednesday, February 13, 2013 at 5:20 AM

As Rafaella reported last night, President Obama went “all-in” on cybersecurity last night, marrying a substantive mention of cyber in his State of the Union address (I’m bitter about  that — I bet against it, which shows you how … Read more »

TSA Body Scanners

By
Friday, January 18, 2013 at 5:49 PM

CNN is reporting that TSA has announced the removal of all Rapiscan X-ray backscatter airport machines, to be accomplished no later than June 2013.  The backscatter machines (the big boxy ones like the one in this post) were thought to … Read more »

Cyber Warfare: How Conflicts in Cyberspace are Challenging America and Changing the World

By
Monday, January 14, 2013 at 9:33 AM

With some hesitancy at the sense of shameless self-promotion it necessarily entails, I am very pleased to announce today that my book Cyber Warfare:  How Conflicts in Cyberspace are Challenging America and Changing the World is now available from … Read more »

Anyone Want A Bridge In Brooklyn? Cheap?

By
Thursday, January 3, 2013 at 4:10 PM

If you do, perhaps you might also be willing to buy a cyber certificate from TURKTRUST.INC.

TURKTRUST is a certificate authority.  That means that it is authorized to issue certificates which tell you that you’ve reached an authentic web site.  … Read more »

On the Digging of Cyber Holes: The NextGen Air Traffic Control System

By
Thursday, January 3, 2013 at 11:25 AM

The aphorism is a commonplace – if you find yourself in a hole, the first thing to do is to stop digging.  I sometimes wonder if our cyber developers understand that problem.

Today’s case in point is the NextGen air … Read more »

Christmas in the Trenches

By
Saturday, December 22, 2012 at 5:05 PM

At this season every year, I think of the story of the Christmas truce of 1914 in the trenches of the Western Front.  With warm wishes to all of Lawfare’s readers and especial thanks to those of our readers … Read more »

NDAA and Cybersecurity Redux — CORRECTION

By
Wednesday, December 19, 2012 at 12:25 PM

As Bobby has already noted the conference report on the NDAA was filed last night.  Some readers may recall that I was concerned about section 936 of the Senate version of the bill – a provision that requires Defense contractors … Read more »