I’ve been in Germany all week (at the George C. Marshall Center which, for those who don’t know, is a joint US-Germany military think tank and an altogether wonderful place to visit) so I missed some of the details of … Read more »

Yesterday, I noted the DoD report which, for the first time, reflected a determination by the US government that a number of cyber intrusions were “attributable directly to the Chinese government and military.”  Today, quite predictably, the Chinese government denied … Read more »

As most readers are aware, in the midst of the national turmoil following the bombings in Boston, the House of Representatives passed a version of the Cybersecurity Intelligence Sharing and Protection Act (CISPA) by a vote of 288-127. As I … Read more »

OK … it isn’t that bad.  But it does say something when it is noteworthy that DoD has now officially acknowledged that the Chinese military are a source of cyber intrusions in the United States. The full text of the … Read more »

As Raffaela has already noted, in today’s Washington Post there is a fascinating story about government plans to require new cyber communications technologies to provide a means by which the government can intercept communications.  The problem, briefly stated, is … Read more »

This report from today’s Wall Street Journal is fascinating.  It involves the decision of a Magistrate Judge to deny a government application for a search warrant in which the government proposed to install surreptitious software on the target computer (putatively … Read more »

Einstein 3 is the Federal Government’s expanded system for protecting Federal cyber networks through the inspection of all traffic heading to Federal networks.  It is both an intrusion detection and an intrusion prevention system which operates at the gateways to … Read more »

My Brookings colleague Allan Friedman, a technology and cybersecurity expert, sent over this comment on the House’s approval, yesterday, of the Cybersecurity Intelligence Sharing and Protection Act (“CISPA”).  The public discourse about the bill troubles him:

For the past two

… Read more »

Readers of this blog will know that I have been skeptical of the International Telecommunications Union and its efforts to update the International Telecommunications Regulations.   I still  am cautious about this, but I had the pleasure of meeting the Secretary … Read more »

The House of Representatives has passed the Cybersecurity Intelligence Sharing and Protection Act, by a vote of 288-127.  This happened after several amendments were adopted (most notably one offered by Rep. McCaul to make DHS the venue for information … Read more »

Michael J. Glennon, of Tufts University, has an important new piece out entitled “The Dark Future of Cybersecurity Regulation.“  It’s a realistic view, in my judgement, of the prospects of international cyber treaties.  Here’s a taste from the … Read more »

It was a busy day on the House side in Cyber.  The House Rules Committee reported out the Cybersecurity Intelligence Sharing and Protection Act for consideration on the House floor tomorrow.  Meanwhile the White House issued a Statement of Administration … Read more »

As readers of this blog know, many in the US have begun to debate the legal and policy questions surrounding private sector “hack back,” also sometimes known as “active defenses.”  Of course to some of us these defensive measures look … Read more »

As America continues to consider legislation for improving cybersecurity, the actions of other Western nations may (or may not) be of influence and interest.  I recently received a management summary of the proposed German IT security legislation being drafted by … Read more »

The House Intelligence Committee has released a new draft of the Cybersecurity Intelligence Sharing and Protection Act.  I think it is fair to say that the bill is becoming increasingly more moderate as it goes through iterations.  As originally … Read more »

Peter Margulies writes in with the following summary of recent NIST efforts to build a framework for best practices in cybersecurity:

The premise of President Obama’s Cybersecurity Executive Order (EO) is two-fold: first, that cybersecurity is a vital national objective,

… Read more »

On the “unusual coincidence” scale this one is pretty high.  Just days after I post a short blog about the idea of changing liability rules for private sector actors in cyberspace, the New York Times publishes an op-ed by … Read more »

I hope you will forgive me a bit of self-congratulation.  Today, The Great Courses released a video course that I did for them entitled Thinking about Cybersecurity: From Cyber Crime to Cyber Warfare.   The course is a less academic … Read more »

Those who follow the blog will know that I am skeptical of the government’s ability to construct a regulatory system for enhancing cybersecurity standards.  I am often asked, however: “well, then what do you support?”   I am pleased to … Read more »

Last week I noted that the House Judiciary Committee was  circulating a proposal to reform the Computer Fraud and Abuse Act that was mostly a wish list for the Department of Justice.  Yesterday a diverse group of organizations and individuals … Read more »

Last year, as Congress debated cybersecurity, some worried about an “internet kill switch” — that is, the authority for the President to order access to the internet cut off.  As the debate resumes this year, it is worth … Read more »

The Economist has an excellent short article on the growing market for zero-day exploits (that is, vulnerabilities in software).  As my friend Chris Soghoian observed there is more information here than ever before in public sources on the zero-day market.  … Read more »

Today, a National Academy of Public Administration (NAPA) task force released a report mandated by Congress on the risks posed by Section 11 of the STOCK Act, which would require Internet publication of the financial disclosure forms of 28,000 senior … Read more »

The House Judiciary Committee has released a draft cyber bill that would modify the Computer Fraud and Abuse Act.  The bill is on a fast track as the House hopes to have a week of “cyber” legislation in the middle … Read more »

Stewart Baker points to a provision in Congress’s continuing resolution that is the first serious attempt I have seen to punish (as opposed to rail against) China for its cybersecurity practices.    Section 516 of what Stewart describes as “the continuing … Read more »

James Lewis had an op-ed yesterday in the WP about “Five Myths About Chinese Hackers.”  The fifth myth:

5. America spies on China, too, so what can we complain about?

Chinese officials portray their country as a victim of hacking

… Read more »

Matt Waxman has just published a new cyber paper that’s well worth reading. The piece picks up on an earlier article of Matt’s that explored when states might treat cyber-attacks as “force” or “armed attacks” under the U.N. Charter.

In … Read more »

Our colleague Ashley Deeks has just published “The Geography of Cyber Conflict: Through a Glass Darkly,” as part of the Naval War College’s volume of International Law Studies on the geography of war.

The U.S. government has said … Read more »

I was really struck by Raffa’s post last week on how to visualize Senator Paul’s drone filibuster.  It reminded me of the truth I learned long ago in a class taught by Ed Tufte — that a good picture with … Read more »

The Washington Post editorial page has recently been promoting development of a U.S. cyber-strategy through robust public debate.  Today’s editorial continues that argument: It begins by saying that “A recent report by a task force of the Defense Science Board … Read more »

This morning was the Senate Select Intelligence Committee’s open hearing on worldwide threats to the United States. Witnesses included DNI James Clapper, newly-minted CIA Director John Brennan, NCTC Director Matthew Olsen, FBI Director Robert Mueller, Director of the DIA Lt. … Read more »

On a good day, cybersecurity is the topic that keeps on giving. Today is one of those days.  I just received a copy of the CRS report, Cybersecurity: Authoritative Reports and Resources which is, as its name suggests, a compendium … Read more »

Raffaella has already beaten me to the punch with her link to Tom Donilon’s speech yesterday to the Asia Society.  For those who want a short version, here’s today’s report in the New York Times.  And for those who want … Read more »

Today, President Obama’s National Security Advisor, Thomas E. Donilon, spoke at the Asia Society about U.S. policy in the Asia-Pacific region.  Interestingly, he specifically addressed the cyber threat from China—and thus broke with recent practice.  According to the New York … Read more »

For those of our readers who are members of the Federalist Society, its next “teleforum” conference call is tomorrow (Tuesday 3/12) at 2 p.m. (EST) on the subject of “Cybersecurity And the Chinese Hacker Problem.” The three panelists are Richard … Read more »

An old Yiddish definition of chutzpah is the young man who murders both his parents in cold blood and then throws himself on the mercy of the court because he is an orphan.  Today we have a new Chinese definition … Read more »

Joel Brenner, the former National Counterintelligence Executive at ODNI has an interesting piece in Foreign Policy, entitled “Gray Matter.” [Free login required]. Here’s an excerpt:

We’re in a strategic trap that’s partly economic and partly in our heads.

… Read more »

Breaking news late on a Friday afternoon, addressing both cybersecurity and homeland security/border issues.  The Ninth Circuit sitting en banc has decided US v. Cotterman, a case involving the search of a computer laptop by DHS agents at the … Read more »

Much of what passes for analysis of cyber threats these days is episodic and anecdotal.  I confess, reluctantly, that despite my own best efforts I sometimes fall into that trap.  I also confess that sometimes anecdotes are clarifying and symbolic, … Read more »

Last year, the House Intelligence Committee passed out a bill, the Cyber Intelligence Sharing and Protection Act (CISPA) that eventually was adopted with bipartisan support in the House of Representatives.  The bill drew a veto threat from President Obama and … Read more »

NSA General Counsel Rajesh De gave the following address at Georgetown Law School on Wednesday:

Remarks of

Rajesh De, General Counsel, National Security Agency

Georgetown Law School, February 27, 2013

(as prepared for delivery)

Thank you for the introduction and

… Read more »

The old joke goes:  “What’s denial?”  Answer: “A river in Egypt.”  Apparently it now flows through China too.  Here’s a taste from Global Times:

The absurd allegation that a Chinese military unit is behind cyber attacks against the US government

… Read more »

Chicago lawyer Pejman Yousefzadeh writes in, at my request, with the following thoughts on teaching students to counter cyber threats using the ancient strategic game of Go. Pejman, who writes a very interesting blog, generously over-imagines my skill at … Read more »

I have often asked whether the Obama administration had a strategy to confront the apparently enormous problem of cyber exploitation by the Chinese against U.S. firms.  Yesterday it published the Administration Strategy on Mitigating the Theft of U.S. Trade Secrets… Read more »

Gary Shiffman and Ravi Gupta have written an interesting new article: “Crowdsourcing cyber security: a property rights view of exclusion and theft on the information commons.” From the abstract:

Individuals increasingly rely upon the internet for basic economic

… Read more »

Paul and Ritika have already linked to the Mandiant report yesterday on the Chinese People’s Liberation Army cyber espionage group known as Unit 61398.  It’s a very impressive document. Here is the executive summary, for those who want more than … Read more »

Apropos of our discussion last week about “Taming the Cyber Dragon” today’s New York Times has an extensive report on how China’s army is directly linked to hacking inside the United States.  For those who want the unvarnished underlying … Read more »

One of the most notable challenges in dealing with cybersecurity is the difficulty of adequately conveying the scope and size of cyberspace.  It’s easy to say that there are nearly 2.5 billion internet users in the world (35% of the … Read more »

While Ben has often mocked the New York Times for its opinions, the Washington Post has mostly escaped our attention.  To a large degree this reflects the level-headedness of its opinions.  So when it slips into an alternate universe of … Read more »

The flourishing market in zero-day vulnerabilities is, as these two recent scary stories indicate, a major cybersecurity challenge.  Herb Lin, the chief scientist at the Computer Science and Telecommunications Board, National Research Council, has these brief thoughts:

The fundamental problem

… Read more »