Skip to content

Category Archives: Cybersecurity

Bits and Bytes

By
Saturday, April 19, 2014 at 9:03 AM

India suggests renaming the Internet.  Not, apparently, a joke: “In a major diplomatic initiative, India is all set to challenge the U.S.’ hegemony of the World Wide Web at a global meet on Internet governance in Sao Paulo (Brazil) next week. India has decided to propose renaming of Internet as ‘Equinet’ so that all nations . . .
Read more »

Fourth Circuit Decision in Lavabit

By
Wednesday, April 16, 2014 at 2:33 PM

Readers will recall the Lavabit case in the Fourth Circuit, which I earlier described here, and here.  Lavabit ran an encrypted email service allegedly used for communication by Edward Snowden.  As part of its investigation, the US government sought to have Lavabit turn over the private encryption SSL key that would have decrypted Snowden’s mail . . .
Read more »

House Judiciary Hearing on ICANN

By
Friday, April 11, 2014 at 10:24 AM

I testified yesterday at the House Judiciary Committee hearing on the proposed transfer of the IANA function to ICANN.  You can find my testimony (and that of the other witnesses) at the committee web site.   I was struck, at the hearing, by a few items that seem worth noting: The Administration’s testimony was, essentially, to . . .
Read more »

Bits and Bytes — Open SSL Bug

By
Wednesday, April 9, 2014 at 8:00 AM

The disturbing news comes courtesy of Nicole Perlroth of the New York Times.  Apparently there is a significant bug in the Open SSL protocol that provides most of the https security on the network.  Here’s the lede: The tiny padlock icon that sits next to many web addresses, suggesting protection of users’ most sensitive information . . .
Read more »

Wynhdam v. FTC Decided

By
Tuesday, April 8, 2014 at 11:54 AM

Some time ago I called Wyndham v. FTC the “most important cybersecurity case you’ve never heard of.”  Well, it was decided today.  For those who need a reminder, the case involved the FTC’s effort to use its general power to regulate “unfair” business practices as a means of compelling consumer organizations like Wyndham hotels to . . .
Read more »

Wishful Thinking Department

By
Monday, April 7, 2014 at 1:29 PM

Conversation at the Rosenzweig breakfast table this morning: Wife:  “That’s just dreaming.” Me: “What?” Wife (pointing to front page New York Times article): “Thinking that the Chinese will become more transparent.” Apparently, the US has been giving the Chinese briefings on “the Pentagon’s doctrine for defending against cyberattacks against the United States — and for . . .
Read more »

Bits and Bytes — Military Focus

By
Monday, April 7, 2014 at 8:15 AM

Three items of particular interest to our cyber warfare aficionados in today’s Bits and Bytes (plus one lagniappe on the Internet of Things): Developments in Iranian Cyber Warfare 2013-14.  From the Institute for National Security Studies in Israel:  “Over the course of 2013, Iran became one of the most active players in the international cyber . . .
Read more »

Congress Considers the IANA Transfer to ICANN

By
Friday, April 4, 2014 at 2:02 PM

As we noted earlier, the Administration is proposing to transfer a significant Internet function (the Internet Assigned Numbers Authority) to an international NGO.  As you may imagine the proposal has generated some discussion in Congress.  On April 2, the House Commerce Committee held a hearing on the proposal, and the House Judiciary Committee is planning . . .
Read more »

Three Speeches on Cybersecurity by Dan Geer

By
Thursday, April 3, 2014 at 3:00 PM

Cyber security maven Dan Geer has given three speeches in the last six months that are worth a read: (a) APT in a World of Rising Interdependence, given last month at the NSA; (b) We Are All Intelligence Officers Now, given at the RSA Conference in February; and (c) Trends in Cyber Security, given at NRO last November. . . .
Read more »

Defining Success for the ICANN Transition

By
Monday, March 24, 2014 at 8:15 AM

Last week, the Administration announced its plan to devolve governance of the Internet’s naming function (which goes by the acronym IANA) to a non-profit organization, the Internet Corporation for Assigned Names and Numbers (or ICANN).  If implemented, the Administration’s plan will remove the last vestiges of direct American legal control over the Internet.  This is, . . .
Read more »

The NYT on NSA’s Huawei Penetration [UPDATED]

By
Saturday, March 22, 2014 at 8:41 PM

David Sanger and Nicole Perlroth report about how the NSA has successfully placed backdoors into the networks of the Chinese Telecommunications giant Huawei for purposes of (a) discerning Huawei’s links to the People’s Liberation Army and (b) preparing for offensive operations in third countries.   It also has some detail (apparently based on leaks other than . . .
Read more »

Snowden Disclosures and Norms of Cyber-Attacks

By
Thursday, March 20, 2014 at 11:00 AM

Secrecy—of the sort that typically shrouds cyber-defense and cyber-attack capabilities and doctrine—complicates the development of international norms.  Secrecy makes it difficult to engage in sustained diplomacy about rules.  Officials can talk about them at high levels of generality, but can’t get very specific, and it’s therefore hard to reach agreement.  Secrecy makes it difficult to . . .
Read more »

Legal Limits on the Transfer of Control to ICANN

By
Wednesday, March 19, 2014 at 10:00 AM

As I wrote earlier this week, the big news recently in cyberspace was the announcement by the Department of Commerce, National Telecommunications and Information Administration, that it planned to effectuate a transfer of control of the Internet Assigned Numbers Authority to the the Internet Corporation for Assigned Names and Numbers, a non-profit corporation.  At the . . .
Read more »

A Modest Proposal for NSA

By
Tuesday, March 18, 2014 at 11:29 AM

I had an idea the other day—a way for NSA to serve the national interest, do good for humanity, and improve its public image all at once. Drum roll, please! NSA should get into the business of publishing trade secrets stolen from companies in countries that conduct active industrial espionage against U.S. companies. Before you . . .
Read more »

Gen. Keith Alexander: We Will Miss You

By
Saturday, March 15, 2014 at 6:45 PM

Throughout American history occasional strategic thinkers have transformed the way we think about new domains of warfare and security. Alfred Thayer Mahan conceived of the geostrategic role of sea power in a way that deeply influenced ideas about the role and importance of naval capabilities. General Billy Mitchell predicted the revolutionary effects of air power . . .
Read more »

Who Controls the Internet Address Book? ICANN, NTIA and IANA

By
Saturday, March 15, 2014 at 3:10 PM

It is almost axiomatic in Washington, that the bureaucracy buries news of which it is not proud with a release late in the day on a Friday afternoon.  Though it is a bit harsh to say so, one suspects that the Department of Commerce felt that way about its announcement yesterday that the United States . . .
Read more »

Video of Vice Adm. Rogers Confirmation Hearing

By
Tuesday, March 11, 2014 at 10:42 PM

Here’s the video to today’s confirmation hearing before the Senate Armed Services Committee for the confirmation of Navy Vice Admiral Michael Rogers to direct the NSA.

A Non-Trivial Editing Matter at U.S. Strategic Command?

By
Monday, March 10, 2014 at 9:52 AM

Here’s a random tidbit. U.S. Cyber Command is a subcommand of the U.S. Strategic Command.  On the Stratcom web site is a fact sheet about U.S. Cyber Command. According to Internet archives, on May 27, 2012, the fact sheet for U.S. Cyber Command said the following about USCYBERCOM’s mission: USCYBERCOM is responsible for planning, coordinating, . . .
Read more »

Security Programs take Center Stage in Austin During South by Southwest

By
Thursday, March 6, 2014 at 6:57 PM

If you’ve never been to Austin during South by Southwest, you are truly missing out.  SXSW season begins today with the SXSW Interactive and Film Festivals, and I’m happy to report that the Strauss Center at UT is sponsoring or co-sponsoring an array of security-and-technology events over the next few days.  I’ll do my best . . .
Read more »

The Continuing Low-Grade Cyber Conflict Between Ukraine and Russia

By
Tuesday, March 4, 2014 at 3:44 PM

The Russia-Ukraine conflict is quickly becoming a textbook example of low-grade cyber tactics that will likely occur in almost all future conflicts.  It has yet to, thankfully, graduate to a full-scale cyber assault, but we are seeing a number of back-and-forth moves that paint the picture of two contestants feeling each other out, but not . . .
Read more »