Skip to content

Posts by Paul Rosenzweig

Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Distinguished Visiting Fellow at the Homeland Security Studies and Analysis Institute. He also serves as a Professorial Lecturer in Law at George Washington University, a Senior Editor of the Journal of National Security Law & Policy, and as a Visiting Fellow at The Heritage Foundation.

Bits and Bytes

By
Wednesday, July 23, 2014 at 3:25 PM

A distinctly conflict oriented flavor today: Inside Anonymous’ Cyber War Against the Israeli Government.  “The shadowy hacker collective known as Anonymous has announced it will launch a round of cyber-attacks this Friday against the Israeli government, in retaliation for Israel’s ongoing military intervention in Gaza. This onslaught would add to a wave of cyber assaults staged . . .
Read more »

CISA Boom Bah …

By
Tuesday, July 22, 2014 at 4:53 PM

Sorry, I just couldn’t resist the title which does not reflect my true feelings about CISA, the Cybersecurity Information Sharing Act of 2014.  Approved earlier this month by the Senate Intelligence Committee, this bill awaits Senate floor action.  In the current environment, I think its legislative prospects are modest (though perhaps we might see it . . .
Read more »

Progress on NSA Reform?

By
Tuesday, July 22, 2014 at 4:29 PM

So reports the LA Times.  Here’s a short summary: As part of the deal, the intelligence community agreed to a stricter definition of the search terms the NSA may use to seek data from telephone companies that might be useful in connecting the dots between known terrorists, said the official who would not be identified . . .
Read more »

The Loss of MH17 Over Ukraine

By
Thursday, July 17, 2014 at 4:04 PM

Much will, no doubt, be written about the destruction of Malaysian Flight 17 today over Ukraine.  Early speculation is that the plane may have been destroyed by Ukrainian separatists, who deny the charge.  War on the Rocks (a generally useful military blog) has collected many of the most relevant bits of data that form the . . .
Read more »

Bits and Bytes

By
Tuesday, July 8, 2014 at 9:15 AM

China hacks DC Think Tanks. “Middle East experts at major U.S. think tanks were hacked by Chinese cyberspies in recent weeks as events in Iraq began to escalate, according to a cybersecurity firm that works with the institutions.”  [Heads-up Brookings, AEI, Hoover, Lawfare, Heritage, CSIS, CAP, etc.] Russian arrested in Guam on hacking charges.  “A Russian man accused . . .
Read more »

Happy Fourth of July

By
Friday, July 4, 2014 at 12:04 PM

A great version from the Gaither Vocal Band:

A Taxonomy of Cyber War IHL Questions

By
Thursday, July 3, 2014 at 11:50 AM

I have been asked to write a chapter, tentatively entitled “Law and Warfare in the Cyber Domain,” for the next edition of Moore, Roberts & Turner, eds., National Security Law.  As part of that effort, I have been thinking about where the gaps are in the domain of international humanitarian law as applied in cyberspace.  . . .
Read more »

Bits and Bytes

By
Monday, June 30, 2014 at 11:56 AM

While the rest of the world is watching the Supreme Court’s final decision day of the year, it’s been a busy time in the cyber world as well.  Herewith seven (!) bits and bytes of interest, in no particular order: Facebook’s Psych Experiment.  You’ve no doubt read that Facebook manipulated news feeds as an experiment. . . .
Read more »

Blue Force Tracker

By
Sunday, June 29, 2014 at 11:58 AM

For those who follow events relating to armed conflict, including the laws of war, there is a new resource available — Blue Force Tracker.  BFT is an app now available free download on the Apple or Google Play stores. From the announcement (full disclosure:  the founder, Nolan Peterson, is a former student of mine): Blue . . .
Read more »

Seizing Iran’s Domain Name — .IR

By
Friday, June 27, 2014 at 3:08 PM

As we have noted in the past, there is a brewing fight over who controls the naming function for the internet.  I suspect that some who’ve read these posts have wondered if they were truly germane to national security — the nominal subject matter of this blog.  Today, we find a bit more evidence of . . .
Read more »

Bits and Bytes

By
Monday, June 23, 2014 at 12:16 PM

Cyber Attack on Hong Kong Among Largest Ever.  “The online voting platform for the unofficial referendum now underway on Hong Kong’s political future has been subjected to one of the most severe cyberattacks of its kind ever seen, according to the head of the Internet security company tasked with protecting it.”  [None of the attack . . .
Read more »

How Dumb Is This?

By
Monday, June 23, 2014 at 12:08 PM

I yield to nobody in my capacity to be surprised by Congress, but sometimes even I get a bit of a shock.  I totally get the idea that everyone is angry at the NSA.  And, indeed, I’ve spoken publicly about my particular disappointment that the NSA may have (if reports are accurate) deliberately degraded encryption . . .
Read more »

Weekend Reading — the 2014 QHSR

By
Friday, June 20, 2014 at 5:46 PM

Back in 2006 or so, we had a great idea — the Department of Homeland Security should do a quadrennial review, just as DOD does.  Thus was born the QHSR — the Quadrennial Homeland Security Review.  The first such one was completed in 2010 and now, like clockwork, the second ever QHSR is out — . . .
Read more »

The Strange Demise of TrueCrypt and What It Says About Cybersecurity

By
Wednesday, June 18, 2014 at 11:31 AM

A small earthquake happened at the end of May – a well-regarded, widely known encryption program called TrueCrypt shut its doors. For those who care about surveillance, encryption, and open-source methodologies, the change was abrupt and disturbing. It’s the type of thing that goes unnoticed by the broader public, but has quiet effects that should . . .
Read more »

Rogers Throws A Flag

By
Wednesday, June 18, 2014 at 8:00 AM

Last week, as I noted in Bits and Bytes, the Chairman of the FCC, Tom Wheeler, gave a speech at AEI in which he claimed a role for the FCC in advancing cybersecurity. Today, Rep. Mike Rogers threw a flag.  In a letter to the FCC, he wrote that the speech “lead[s] us [Rep. Pompeo . . .
Read more »

Feinstein-Chambliss Cybersecurity Info Sharing Bill

By
Tuesday, June 17, 2014 at 3:18 PM

The Chair and Vice-Chair of the Senate Select Committee on Intelligence, Senators Feinstein and Chambliss have introduced a draft cybersecurity information sharing bill.  Early coverage of the bill from Inside Cybersecurity is here.  My own quick analysis: The requirement to remove personally identifying information from shared cyber threat information is both critical to securing buy . . .
Read more »

7th Circuit Rejects Foreign Surveillance Disclosure Order

By
Monday, June 16, 2014 at 4:28 PM

The case is US v. Daoud.  The district court had ordered disclosure of certain FISA materials that were classified to defense counsel.  The 7th Circuit, per Judge Posner, reversed.  The money quote: The judge appears to have believed that adversary procedure is always essential to resolve contested issues of fact. That is an incomplete description . . .
Read more »

Reforms and Standards for the ICANN Transition

By
Monday, June 16, 2014 at 2:37 PM

Along with three co-authors, I’ve just released a paper through The Heritage Foundation entitled: “Protecting Internet Freedom and American Interests: Required Reforms and Standards for ICANN Transition.”  In the paper we lay out a series of recommendations for the transition of control over the internet naming function to ICANN.  Here is the abstract: The U.S. . . .
Read more »

Bits and Bytes

By
Friday, June 13, 2014 at 9:09 AM

A few items that caught my eye: FCC unveils new regulatory paradigm — “In recent months, the Federal Communications Commission has quietly worked to expand its role among federal agencies charged with protecting the nation’s networks from cyberattack. On Thursday, the agency sought to take the lead again, unveiling a new regulatory model aimed at helping . . .
Read more »

“Greetings from the Chinese Embassy”

By
Friday, June 13, 2014 at 8:00 AM

“Greetings from the Chinese Embassy.”  That’s how the email opened.  It was an invitation to lunch (or tea) with a counselor in the embassy to discuss cybersecurity.  How could I say “no?”  So I went to lunch the other day.  It was, on the whole, altogether pleasant, and relatively unsurprising, but worth noting nonetheless for . . .
Read more »