Category Archives: Cybersecurity

ICANN CEO To End Tenure

Thursday, May 21, 2015 at 11:54 AM

Fadi Chehade, the CEO of the Internet Corporation for Assigned Names and Numbers (ICANN), has announced his intention to step down, effective March 2016.  The United States is in the midst of a transition that will, when completed, give up its contractual control of the Internet Assigned Numbers Authority (IANA).  That authority is currently conducted . . .

The Logjam (and Another) Vulnerability against Diffie-Hellman Key Exchange

Thursday, May 21, 2015 at 10:34 AM

Logjam is a new attack against the Diffie-Hellman key-exchange protocol used in TLS. Basically: The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection. The attack is reminiscent of the FREAK attack, but is due . . .

An Interview with FBI Director Jim Comey

Thursday, May 21, 2015 at 6:41 AM

I haven’t watched this yet, but it took place yesterday at Georgetown Law’s Cybersecurity Law Institute. Ben Powell, former general counsel to the DNI, interviews Jim Comey:  

Secretary Of State John Kerry On “An Open and Secure Internet”

Tuesday, May 19, 2015 at 1:38 PM

Secretary of State Kerry just gave a speech in Korea (May 18, 2015) entitled “An Open and Secure Internet: We Must Have Both.” In this speech, he reiterates the U.S. position that “the basic rules of international law apply in cyberspace. Acts of aggression are not permissible. And countries that are hurt by an attack . . .

@War: The Rise of the Military-Internet Complex

Friday, May 15, 2015 at 7:00 PM

Books reviewed in this essay: @War: The Rise of the Military-Internet Complex, by Shane Harris (Houghton Mifflin Harcourt 2014) Cyber Operations and the Use of Force in International Law, by Marco Roscini (Oxford UP 2014) North Korea hacks Sony. Criminals repeatedly steal millions of credit-card and social-security numbers from major retailers. And government officials regularly . . .

The Full Glare of European Hypocrisy on Surveillance

Tuesday, May 5, 2015 at 9:57 PM

In case you needed a refresher course on European hypocrisy on surveillance and data privacy, the New York Times today obliges with two stories over which the connoisseur of human folly ought really to pause. The first involves the adoption by France’s lower parliamentary house of a new surveillance law so broad and so lacking in judicial review . . .

New Surveillance Reform Bill Introduced

Tuesday, April 28, 2015 at 9:40 PM

Senators Leahy and Lee introduced a new version of the USA Freedom Act today to scale back surveillance authorities, including limiting the use of Section 215 of the USA Patriot Act for bulk collection, plus much, much more. The text of the bill is available here. And on Friday May 1, the Congressional Internet Caucus will host a . . .

Tallinn 2.0

Monday, April 27, 2015 at 12:57 PM

Earlier this month, the government of the Netherlands hosted a Global Conference on Cyberspace, which was, apparently, fairly well received, as the Chair’s Statement suggests. One important side event, for readers of this blog, was a conference of  state legal advisers from over 35 States at a “Tallinn Manual 2.0 consultation meeting.”  The authors who . . .

Administration Loves RSA; Does It Get Love Back?

Monday, April 27, 2015 at 7:53 AM

Last week was the annual RSA convention in San Francisco, the premier convention of cybersecurity professionals in America each year.  This year the largest crowd ever gathered at the Moscone Center, and the Obama Administration was out in force.  It had three booths on the convention floor (including one from NSA with an absolutely cool . . .

Two Observations About The New DOD Cyber Strategy

Friday, April 24, 2015 at 9:59 PM

The publication of DOD’s new cyber strategy is a milestone and a major step forward in the cyber policy debate. In particular, the strategy is notable for its relative openness about the use of offensive options. For example, the strategy says explicitly (p. 5): …if directed by the President or the Secretary of Defense, DoD . . .

The Continuing Democratization of QUANTUM Technology

Friday, April 24, 2015 at 2:15 PM

From my book Data and Goliath: …when I was working with the Guardian on the Snowden documents, the one top-secret program the NSA desperately did not want us to expose was QUANTUM. This is the NSA’s program for what is called packet injection — basically, a technology that allows the agency to hack into computers. . . .

Pentagon Releases New 2015 Cybersecurity Strategy

Thursday, April 23, 2015 at 5:26 PM

Today, Secretary of Defense Ashton Carter unveiled the Pentagon’s new cybersecurity strategy at Stanford University in a speech entitled “Rewiring the Pentagon: Charting a New Path on Innovation and Cybersecurity.” According to the Associated Press, the strategy is the first document in which the United States has publicly said that the U.S. military intends to use . . .

In Case You Needed Another Reason to Look Askance at WikiLeaks

Thursday, April 16, 2015 at 10:27 PM

Here is one. The organization today posted online what it describes as “an analysis and search system for The Sony Archives: 30,287 documents from Sony Pictures Entertainment (SPE) and 173,132 emails, to and from more than 2,200 SPE email addresses.” That’s right. North Korea hacks Sony and steals lots of innocent people’s communications, and WikiLeaks . . .

A Tidbit From an Old NSA Document (2000)

Thursday, April 16, 2015 at 10:11 PM

Browsing through an old NSA document called Transition 2001, dated December 2000, I came across this tidbit on page 3. “In transforming the cryptologic system, the NSA/CSS must shift significant emphasis and resources from current products, services, and targets to the modern and anticipated information technology environment for both SIGINT and information assurance. The NSA/CSS . . .

On Hacking A Passenger Airliner (GAO report)

Thursday, April 16, 2015 at 12:29 PM

Several news stories today have highlighted a recently released GAO report which stated that “Modern aircraft are increasingly connected to the Internet. This interconnectedness can potentially provide unauthorized remote access to aircraft avionics systems.” True enough. The fundamental problem arises from the fact that the modern passenger aircraft have two networks, one for avionics and airplane . . .

Homeland Security Committee’s Cyber Bill a Missed Opportunity

Tuesday, April 14, 2015 at 5:15 PM

Today, the House Homeland Security Committee marked up a cybersecurity information sharing bill that promised to be “the best of bunch” in terms of civil liberties protections among the cybersecurity information sharing bills that Congress is currently considering. Unfortunately, the bill misses the mark in a key respect. The problem starts with the fact that . . .

A Primer on Globally Harmonizing Internet Jurisdiction and Regulations

Tuesday, April 14, 2015 at 3:29 PM

That is the title of a paper I recently co-authored with former Secretary of Homeland Security, Michael Chertoff.  We wrote it for the Global Commission on Internet Governance, a commission chaired by former Swedish Prime Minister Carl Bildt.  Here’s the introductory paragraph: We stand on the cusp of a defining moment for the Internet, and . . .

On the Issue of “Jurisdiction” over ICANN

Wednesday, April 8, 2015 at 9:56 AM

By now readers of this blog know, the United States is in the midst of a transition that will, when completed, give up its contractual control of the Internet Assigned Numbers Authority (IANA).  That authority is currently conducted by the Internet Corporation for Assigned Names and Numbers (ICANN) under contract to the Department of Commerce.  . . .

Review of Schneier’s Data and Goliath

Tuesday, April 7, 2015 at 11:30 AM

Over at The New Rambler Review – a new online book review site that I highly recommend – I have a piece on Bruce Schneier’s new book, Data and Goliath.  An excerpt that provides a sense of the book: Data and Goliath is an informed, well-written, accessible, and opinionated critique of “ubiquitous mass surveillance” by governments . . .

Entertainment IS Critical Infrastructure — Who Knew?

Thursday, April 2, 2015 at 1:18 PM

I stand corrected.   Yesterday, in my post about the new cyber-sanctions EO I made the point that it wouldn’t apply to the Sony hack because Sony was not critical infrastructure.  I was wrong, as several people, including our own Herb Lin, graciously pointed out. I knew, of course, that Commercial Facilities, were a critical infrastructure . . .