I know it is hard to turn our attention away from the NSA spying programs, but it might be worthwhile to consider that other significant threats to American security exist, possibly even ones greater the potential for government abuse.  To … Read more »

Last week, the inter-agency Committee on Foreign Investment in the United States (CFIUS) approved Japanese telecommunications firm SoftBank’s purchase of a 70% interest in Sprint-Nextel.  (Paul briefly discussed the transaction earlier.)  Both the approval and the events preceding it highlight … Read more »

As many of you might have read, the Department of Justice announced a large scale money-laundering indictment against Liberty Reserve yesterday.  I will have some analysis of this development (and the related demise of BitCoin) once I’ve had a chance … Read more »

When I wrote, last week, about the insecurity of Gmail, I was intending to gently mock the idea that the CIA might have such a bad sense of how Gmail works (and the Terms of Service under which it … Read more »

I’ve been in Germany all week (at the George C. Marshall Center which, for those who don’t know, is a joint US-Germany military think tank and an altogether wonderful place to visit) so I missed some of the details of … Read more »

Yesterday, I noted the DoD report which, for the first time, reflected a determination by the US government that a number of cyber intrusions were “attributable directly to the Chinese government and military.”  Today, quite predictably, the Chinese government denied … Read more »

As Raffaela has already noted, in today’s Washington Post there is a fascinating story about government plans to require new cyber communications technologies to provide a means by which the government can intercept communications.  The problem, briefly stated, is … Read more »

This report from today’s Wall Street Journal is fascinating.  It involves the decision of a Magistrate Judge to deny a government application for a search warrant in which the government proposed to install surreptitious software on the target computer (putatively … Read more »

As readers of this blog know, many in the US have begun to debate the legal and policy questions surrounding private sector “hack back,” also sometimes known as “active defenses.”  Of course to some of us these defensive measures look … Read more »

Last week I noted that the House Judiciary Committee was  circulating a proposal to reform the Computer Fraud and Abuse Act that was mostly a wish list for the Department of Justice.  Yesterday a diverse group of organizations and individuals … Read more »

The House Judiciary Committee has released a draft cyber bill that would modify the Computer Fraud and Abuse Act.  The bill is on a fast track as the House hopes to have a week of “cyber” legislation in the middle … Read more »

Stewart Baker points to a provision in Congress’s continuing resolution that is the first serious attempt I have seen to punish (as opposed to rail against) China for its cybersecurity practices.    Section 516 of what Stewart describes as “the continuing … Read more »

James Lewis had an op-ed yesterday in the WP about “Five Myths About Chinese Hackers.”  The fifth myth:

5. America spies on China, too, so what can we complain about?

Chinese officials portray their country as a victim of hacking

… Read more »

Raffaella has already beaten me to the punch with her link to Tom Donilon’s speech yesterday to the Asia Society.  For those who want a short version, here’s today’s report in the New York Times.  And for those who want … Read more »

For those of our readers who are members of the Federalist Society, its next “teleforum” conference call is tomorrow (Tuesday 3/12) at 2 p.m. (EST) on the subject of “Cybersecurity And the Chinese Hacker Problem.” The three panelists are Richard … Read more »

An old Yiddish definition of chutzpah is the young man who murders both his parents in cold blood and then throws himself on the mercy of the court because he is an orphan.  Today we have a new Chinese definition … Read more »

Joel Brenner, the former National Counterintelligence Executive at ODNI has an interesting piece in Foreign Policy, entitled “Gray Matter.” [Free login required]. Here’s an excerpt:

We’re in a strategic trap that’s partly economic and partly in our heads.

… Read more »

Paul and Ritika have already linked to the Mandiant report yesterday on the Chinese People’s Liberation Army cyber espionage group known as Unit 61398.  It’s a very impressive document. Here is the executive summary, for those who want more than … Read more »

Apropos of our discussion last week about “Taming the Cyber Dragon” today’s New York Times has an extensive report on how China’s army is directly linked to hacking inside the United States.  For those who want the unvarnished underlying … Read more »

While Ben has often mocked the New York Times for its opinions, the Washington Post has mostly escaped our attention.  To a large degree this reflects the level-headedness of its opinions.  So when it slips into an alternate universe of … Read more »

I have been beating this one the death, and will not for a while after this, but the gap between the supposed threat of cyberespionage and our response to it continues to amaze.  From Ellen Nakashima, we learn this morning … Read more »

If you do, perhaps you might also be willing to buy a cyber certificate from TURKTRUST.INC.

TURKTRUST is a certificate authority.  That means that it is authorized to issue certificates which tell you that you’ve reached an authentic web site.  … Read more »

I’m not sure how I missed this last month, but Lisa Monaco—assistant attorney general for national security—gave a speech on cybersecurity and NSD’s bureaucratic and substantive response to the problem. Better late than never, here’s the full text—along with … Read more »

Over at the Volokh Conspiracy, my friend Orin Kerr has a fascinating post on the case of US v. Stanley.   It isn’t strictly cybersecurity but the case itself is still worth reading.  For those who want a quick summary:… Read more »

On Friday, the Wall Street Journal reported that Stuxnet, the virus that targeted Iran’s uranium enrichment program and that is generally thought to have been created jointly by the United States and Israel, also infected the computer systems of energy … Read more »

Here’s a transcript of Defense Secretary Leon Panetta’s speech yesterday on cybersecurity in New York:

Remarks by Secretary Panetta on Cybersecurity to the Business Executives for National Security, New York City

SECRETARY OF DEFENSE LEON E. PANETTA:  Thank you.  Thank

… Read more »

Don’t miss this excellent piece, over at the Volokh Conspiracy, by Stewart Baker about the opportunity created by the poor cybersecurity habits of hackers. Here’s Stewart’s distillation of the issue at the opening:

Right now, policymakers are intent on

… Read more »

Former Secretary of DHS, Michael Chertoff has this op-ed in the Wall Street Journal today, concerning Google’s subversion of Safari’s security settings.  Here’s the introduction:

In the cyber age, privacy and security are two sides of the same coin. Digital

… Read more »

Some time ago I began an answer to Jack Goldsmith on why I thought cybersecurity regulation was the wrong answer to our current cyber problems.  Other commitments, including paying clients!, got in the way of further developing the argument, but … Read more »

A number of sources are reporting the discovery of a complex malware toolkit, mostly described as “Flame,” which appears to have been distributed in a targeted fashion to infect computers in Iran in particular, though also throughout the Middle East.  … Read more »

The Federal government acknowledged, on Friday, that a contractor operating aspects of the Thrift Savings Plan (the government’s in-house pension plan) suffered a significant cyber breach.  As a result of the breach more than 120,000 TSP participants have had … Read more »

I’ve lately been thinking of the scope and nature of cyber threats — mostly in writing a still-in-draft response to Jack Goldsmith’s recent defense of cybersecurity regulation.  In the interest of furthering the debate, this article on How to … Read more »

I received the list below (of “Significant Cyber Attacks” on Federal systems since 2004) from sources on Capitol Hill last week.  After reading through it and checking the data, it seemed worth making the list part of the public record.  … Read more »