
Category Archives: Cybersecurity

Further Reflections on NOBUS (and an Approach for Balancing the Twin Needs for Offensive Capability and Better Defensive Security in Deployed Systems)

Saturday, March 21, 2015 at 8:14 PM

In a previous post, I commented on the Nobody-But-Us (NOBUS) view of the world. My original post says that the real technical question raised by NOBUS is how long nobody-but-us access can be kept for a given proposed system. Since then, I’ve received comments from a number of people who have cited one example or . . .

An Update on the White House’s CTIIC Proposal

Monday, March 16, 2015 at 5:03 PM

In the wake of the White House announcement that it is going to create the Cyber Threat Intelligence Integration Center (CTIIC), I wrote an essay for Lawfare regarding lessons for CTIIC that might be drawn from the experience of the National Counterterrorism Center (NCTC).  After I wrote the essay—but before it appeared on Lawfare—the White . . .

Groundhog Day in the Senate

Friday, March 13, 2015 at 4:18 PM

One of my favorite movies has always been Bill Murray’s Groundhog Day.  Besides the great acting from Murray (and co-star Andie MacDowell) it’s a wonderful exposition of the definition of insanity — doing the same thing over and over again expecting a different result. By that definition, you have to wonder about the sanity of . . .

What We Must Do about Cyber

Tuesday, March 10, 2015 at 3:00 PM

Last week Amy Zegart noted the rapid rise of cyber in the DNI Annual Threat Assessment. As she observed, Cyber is listed as threat number 1 but it’s only been number 1 since 2012, suggesting just how fast the cyber threat landscape is changing. As late as 2009, cyber appeared toward the very end of . . .

On Cyber Arms Control (Apropos of the New York Times Editorial)

Saturday, March 7, 2015 at 1:57 PM

A bit late, but one more observation about the New York Times editorial calling for cyber arms control. In their words, “the best way forward [to reduce cyber threats] is to accelerate international efforts to negotiate limits on the cyberarms race,” in much the same way that we did with the nuclear arms control treaties . . .

FREAK: Security Rollback Attack Against SSL

Friday, March 6, 2015 at 11:00 AM

This week we learned about an attack called “FREAK”—“Factoring Attack on RSA-EXPORT Keys”—that can break the encryption of many websites. Basically, some sites’ implementations of secure sockets layer technology, or “SSL,” contain both strong encryption algorithms and weak encryption algorithms. Connections are supposed to use the strong algorithms, but in many cases an attacker can . . .

Email Privacy, Overseas Jurisdiction, and the 114th Congress

Friday, March 6, 2015 at 9:00 AM

Everything old is new again.  Two years ago, I wrote about a bipartisan effort (in which I was and still am participating) to update the Electronic Communications Privacy Act.  That effort, sadly, went nowhere. I am, however, happy to report that progress is being made to revive that effort in the 114th Congress.  This year . . .

Hillary’s Email

Wednesday, March 4, 2015 at 3:24 PM

By now, most readers will be familiar with the news reports that Hillary Clinton used a personal email account ([email protected]) for her official work while Secretary of State.  Most of the news has been about whether or not this action violated federal record-keeping requirements but few (Shane Harris being a notable exception) are asking the . . .

The Intelligence Studies Essay: CTIIC—Learning from the Choices and Challenges that Shaped the National Counterterrorism Center

Wednesday, March 4, 2015 at 10:30 AM

Update:  After this essay was written, but before it was posted, the White House issued a memo and accompanying Fact Sheet further elaborating on its plans for CTIIC.  For commentary on how those documents relate to the original essay, see this post. A Cyber Threat Intelligence Integration Center (CTIIC) established by the Director of National . . .

Live: Herb Lin Testifies Before House Energy and Commerce Committee

Tuesday, March 3, 2015 at 1:45 PM

Today at 2:00 pm, Lawfare’s Herb Lin, along with Richard Bejtlich and Gregory Shannon, will provide testimony before the House Energy and Commerce Committee on “Understanding the Cyber Threat and Implications for the 21st Century Economy.” Herb’s remarks as prepared are available here.

Additional Thoughts on the DNI’s Annual Threat Assessment

Monday, March 2, 2015 at 4:05 PM

Jack gave a terrific rapid reaction to the DNI’s 2015 annual threat assessment, delivered last Thursday. Here, I wanted to add a few more brief thoughts comparing this assessment to previous ones. First, the rank ordering of global threats remained almost exactly the same in 2015 as it did in 2014. The top six threats are . . .

Happening Now: DNI James Clapper Speaks at the Council on Foreign Relations

Monday, March 2, 2015 at 12:55 PM

At the top of the hour, Director of National Intelligence James R. Clapper, Jr. will discuss the state of the intelligence community, and outline the major challenges and successes experienced throughout the last year. You can watch the speech live below:

DNI’s 2015 Worldwide Threat Assessment

Friday, February 27, 2015 at 9:14 AM

I highly recommend that Lawfare readers peruse the annual Worldwide Threat Assessment of the US Intelligence Community, as well as DNI Clapper’s opening statement before the SASC yesterday.  I read both quickly (though I did not watch the hearing).  Both seem less watered-down than usual.  Some highlights: “Cyber” is at the top of the . . .

Problems with Cyber Arms Control

Thursday, February 26, 2015 at 3:17 PM

The New York Times has an editorial today, calling for an arms control effort in cyberspace.  The Times effort is, honestly, a bit simplistic, as is its conclusion: The tougher challenge is on the global level. Cyberwarfare has already done considerable damage and can lead to devastating consequences. The best way forward is to accelerate . . .

Senate Commerce Committee Hearing on “Preserving the Multistakeholder Model of Internet Governance”

Wednesday, February 25, 2015 at 9:55 AM

The Senate panel, led by Chairman John Thune (R-SD), will discuss internet governance matters this morning at 10:00 a.m. A livestream can be found at the Commerce Committee’s website; we’ll post embedded video if it is available. The witnesses (with links to testimony): Mr. Fadi Chehadé CEO, Internet Corporation for Assigned Names and Numbers (ICANN) Ambassador . . .

Making Progress on the Encryption Debate

Tuesday, February 24, 2015 at 1:24 PM

In a recent debate between NSA director Mike Rogers and Yahoo Chief Information Security Officer Alex Stamos, the topic of law-enforcement restricted access to encrypted communications once again came up. To summarize the debate as it has been expressed to date, one side believes in encryption that only the user can decrypt. Those on this . . .

The Tricky Issue of Severing US “Control” Over ICANN

Tuesday, February 24, 2015 at 5:30 AM

I have written an essay for Hoover’s The Briefing series entitled The Tricky Issue of Severing US “Control” Over ICANN.  Tomorrow the Senate Commerce, Science, and Transportation committee will have an important hearing on this subject.  The hearing is specifically about the Commerce Department’s planned relinquishment of contractual control over the Internet’s domain name system in . . .

The Real Story Behind Citizenfour’s Oscar

Monday, February 23, 2015 at 4:21 PM

Like a lot of Lawfare readers, we were pretty surprised by Citizenfour’s triumph at the Oscars last night. It wasn’t just that there was Glenn Greenwald, foe of all things mainstream, holding—of all things—that picture of establishment respectability, the Oscar. It was, more importantly, the question of who the heck decided to honor this paranoid and self-congratulatory film? . . .

Two Historical Notes on Equation

Wednesday, February 18, 2015 at 5:25 PM

Yesterday’s New York Times carried a story about how the United States has found a way to “permanently embed surveillance and sabotage tools in [targeted] computers and networks.” If the reporting on Equation is to be believed, the scope and sophistication of the enterprise is truly breathtaking. But the particular technique—hiding malware in the firmware . . .

Echoes From the Past on Encryption

Wednesday, February 18, 2015 at 3:44 PM

President Obama’s recent comments calling for a public debate on encryption are, as Susan Landau recently pointed out, some much-needed straight talk about the issue. In Susan’s words, “the debate is not about perfect security versus privacy and civil liberties; it is about our society’s willingness to accept risk.” What’s striking about this debate is . . .