Category Archives: Cybersecurity

A Tidbit From an Old NSA Document (2000)

Thursday, April 16, 2015 at 10:11 PM

Browsing through an old NSA document called Transition 2001, dated December 2000, I came across this tidbit on page 3. “In transforming the cryptologic system, the NSA/CSS must shift significant emphasis and resources from current products, services, and targets to the modern and anticipated information technology environment for both SIGINT and information assurance. The NSA/CSS . . .

On Hacking A Passenger Airliner (GAO report)

Thursday, April 16, 2015 at 12:29 PM

Several news stories today have highlighted a recently released GAO report which stated that “Modern aircraft are increasingly connected to the Internet. This interconnectedness can potentially provide unauthorized remote access to aircraft avionics systems.” True enough. The fundamental problem arises from the fact that the modern passenger aircraft have two networks, one for avionics and airplane . . .

Homeland Security Committee’s Cyber Bill a Missed Opportunity

Tuesday, April 14, 2015 at 5:15 PM

Today, the House Homeland Security Committee marked up a cybersecurity information sharing bill that promised to be “the best of bunch” in terms of civil liberties protections among the cybersecurity information sharing bills that Congress is currently considering. Unfortunately, the bill misses the mark in a key respect. The problem starts with the fact that . . .

A Primer on Globally Harmonizing Internet Jurisdiction and Regulations

Tuesday, April 14, 2015 at 3:29 PM

That is the title of a paper I recently co-authored with former Secretary of Homeland Security, Michael Chertoff.  We wrote it for the Global Commission on Internet Governance, a commission chaired by former Swedish Prime Minister Carl Bildt.  Here’s the introductory paragraph: We stand on the cusp of a defining moment for the Internet, and . . .

On the Issue of “Jurisdiction” over ICANN

Wednesday, April 8, 2015 at 9:56 AM

By now, readers of this blog know that the United States is in the midst of a transition that will, when completed, give up its contractual control of the Internet Assigned Numbers Authority (IANA). That authority is currently conducted by the Internet Corporation for Assigned Names and Numbers (ICANN) under contract to the Department of Commerce. . . .

Review of Schneier’s Data and Goliath

Tuesday, April 7, 2015 at 11:30 AM

Over at The New Rambler Review – a new online book review site that I highly recommend – I have a piece on Bruce Schneier’s new book, Data and Goliath.  An excerpt that provides a sense of the book: Data and Goliath is an informed, well-written, accessible, and opinionated critique of “ubiquitous mass surveillance” by governments . . .

Entertainment IS Critical Infrastructure — Who Knew?

Thursday, April 2, 2015 at 1:18 PM

I stand corrected. Yesterday, in my post about the new cyber-sanctions EO I made the point that it wouldn’t apply to the Sony hack because Sony was not critical infrastructure. I was wrong, as several people, including our own Herb Lin, graciously pointed out. I knew, of course, that Commercial Facilities were a critical infrastructure . . .

A Worry About the New Executive Order on Sanctions for Malicious Cyber Activity

Thursday, April 2, 2015 at 12:23 AM

As Paul Rosenzweig noted earlier today in Lawfare, the President just signed out an Executive Order that can result in the imposition of financial sanctions on a variety of bad actors that ply their trade through cyber means or against important cyber assets and/or restrictions or bans on travel to the United States on such . . .

Executive Order on Cyber Sanctions

Wednesday, April 1, 2015 at 2:00 PM

President Obama has, today, issued an executive order entitled, “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities.”  On first glance it looks like a strong step in the right direction. The EO is notable not just for what it does, but for how it characterizes the malicious cyber activity.  It is . . .

“The Future of Violence” on Diane Rehm

Monday, March 30, 2015 at 5:02 PM

This morning, Gabriella Blum and I had the pleasure of appearing on the Diane Rehm Show to discuss The Future of Violence: Robots and Germs, Hackers and Drones—Confronting A New Age of Threat. It was a good discussion for those who missed the book’s launch event at Brookings. Here’s the audio:

Further Reflections on NOBUS (and an Approach for Balancing the Twin Needs for Offensive Capability and Better Defensive Security in Deployed Systems)

Saturday, March 21, 2015 at 8:14 PM

In a previous post, I commented on the Nobody-But-Us (NOBUS) view of the world. My original post says that the real technical question raised by NOBUS is how long nobody-but-us access can be kept for a given proposed system. Since then, I’ve received comments from a number of people who have cited one example or . . .

An Update on the White House’s CTIIC Proposal

Monday, March 16, 2015 at 5:03 PM

In the wake of the White House announcement that it is going to create the Cyber Threat Intelligence Integration Center (CTIIC), I wrote an essay for Lawfare regarding lessons for CTIIC that might be drawn from the experience of the National Counterterrorism Center (NCTC).  After I wrote the essay—but before it appeared on Lawfare—the White . . .

Groundhog Day in the Senate

Friday, March 13, 2015 at 4:18 PM

One of my favorite movies has always been Bill Murray’s Groundhog Day.  Besides the great acting from Murray (and co-star Andie MacDowell) it’s a wonderful exposition of the definition of insanity — doing the same thing over and over again expecting a different result. By that definition, you have to wonder about the sanity of . . .

What We Must Do about Cyber

Tuesday, March 10, 2015 at 3:00 PM

Last week Amy Zegart noted the rapid rise of cyber in the DNI Annual Threat Assessment. As she observed, Cyber is listed as threat number 1 but it’s only been number 1 since 2012, suggesting just how fast the cyber threat landscape is changing. As late as 2009, cyber appeared toward the very end of . . .

On Cyber Arms Control (Apropos of the New York Times Editorial)

Saturday, March 7, 2015 at 1:57 PM

A bit late, but one more observation about the New York Times editorial calling for cyber arms control. In their words, “the best way forward [to reduce cyber threats] is to accelerate international efforts to negotiate limits on the cyberarms race,” in much the same way that we did with the nuclear arms control treaties . . .

FREAK: Security Rollback Attack Against SSL

Friday, March 6, 2015 at 11:00 AM

This week we learned about an attack called “FREAK”—“Factoring Attack on RSA-EXPORT Keys”—that can break the encryption of many websites. Basically, some sites’ implementations of secure sockets layer technology, or “SSL,” contain both strong encryption algorithms and weak encryption algorithms. Connections are supposed to use the strong algorithms, but in many cases an attacker can . . .

Email Privacy, Overseas Jurisdiction, and the 114th Congress

Friday, March 6, 2015 at 9:00 AM

Everything old is new again.  Two years ago, I wrote about a bipartisan effort (in which I was and still am participating) to update the Electronic Communications Privacy Act.  That effort, sadly, went nowhere. I am, however, happy to report that progress is being made to revive that effort in the 114th Congress.  This year . . .

Hillary’s Email

Wednesday, March 4, 2015 at 3:24 PM

By now, most readers will be familiar with the news reports that Hillary Clinton used a personal email account ([email protected]) for her official work while Secretary of State.  Most of the news has been about whether or not this action violated federal record-keeping requirements but few (Shane Harris being a notable exception) are asking the . . .

The Intelligence Studies Essay: CTIIC—Learning from the Choices and Challenges that Shaped the National Counterterrorism Center

Wednesday, March 4, 2015 at 10:30 AM

Update:  After this essay was written, but before it was posted, the White House issued a memo and accompanying Fact Sheet further elaborating on its plans for CTIIC.  For commentary on how those documents relate to the original essay, see this post. A Cyber Threat Intelligence Integration Center (CTIIC) established by the Director of National . . .

Live: Herb Lin Testifies Before House Energy and Commerce Committee

Tuesday, March 3, 2015 at 1:45 PM

Today at 2:00 pm, Lawfare’s Herb Lin, along with Richard Bejtlich and Gregory Shannon, will provide testimony before the House Energy and Commerce Committee on “Understanding the Cyber Threat and Implications for the 21st Century Economy.” Herb’s remarks as prepared are available here.