Skip to content

Category Archives: Cybersecurity: Legislation

CISA Boom Bah …

By
Tuesday, July 22, 2014 at 4:53 PM

Sorry, I just couldn’t resist the title which does not reflect my true feelings about CISA, the Cybersecurity Information Sharing Act of 2014.  Approved earlier this month by the Senate Intelligence Committee, this bill awaits Senate floor action.  In the current environment, I think its legislative prospects are modest (though perhaps we might see it . . .
Read more »

Bits and Bytes

By
Monday, June 30, 2014 at 11:56 AM

While the rest of the world is watching the Supreme Court’s final decision day of the year, it’s been a busy time in the cyber world as well.  Herewith seven (!) bits and bytes of interest, in no particular order: Facebook’s Psych Experiment.  You’ve no doubt read that Facebook manipulated news feeds as an experiment. . . .
Read more »

Feinstein-Chambliss Cybersecurity Info Sharing Bill

By
Tuesday, June 17, 2014 at 3:18 PM

The Chair and Vice-Chair of the Senate Select Committee on Intelligence, Senators Feinstein and Chambliss have introduced a draft cybersecurity information sharing bill.  Early coverage of the bill from Inside Cybersecurity is here.  My own quick analysis: The requirement to remove personally identifying information from shared cyber threat information is both critical to securing buy . . .
Read more »

Net Neutrality Explained

By
Tuesday, June 3, 2014 at 4:00 PM

The topic of net neutrality (i.e. the question of whether or not all content on the network should be transmitted equally or whether some content providers can pay a premium to have their content transmitted at a faster pace than general) is not one that Lawfare readers will regularly concern themselves with.  Nonetheless, it bears . . .
Read more »

At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues

By
Monday, May 5, 2014 at 1:17 PM

The Computer Science and Telecommunications Board (CSTB) of the National Academies is pleased to announce the release of a report entitled At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues in prepublication form.  The final book version of the report will be available in a few weeks, and a PDF of that final . . .
Read more »

Three Speeches on Cybersecurity by Dan Geer

By
Thursday, April 3, 2014 at 3:00 PM

Cyber security maven Dan Geer has given three speeches in the last six months that are worth a read: (a) APT in a World of Rising Interdependence, given last month at the NSA; (b) We Are All Intelligence Officers Now, given at the RSA Conference in February; and (c) Trends in Cyber Security, given at NRO last November. . . .
Read more »

Snowden Disclosures and Norms of Cyber-Attacks

By
Thursday, March 20, 2014 at 11:00 AM

Secrecy—of the sort that typically shrouds cyber-defense and cyber-attack capabilities and doctrine—complicates the development of international norms.  Secrecy makes it difficult to engage in sustained diplomacy about rules.  Officials can talk about them at high levels of generality, but can’t get very specific, and it’s therefore hard to reach agreement.  Secrecy makes it difficult to . . .
Read more »

The Health Exchange Security and Transparency Act of 2014

By
Saturday, January 11, 2014 at 5:36 PM

So … what are we to make of the Health Exchange Security and Transparency Act of 2014?  As readers may be aware, the bill was proposed by the Republican majority of the House of Representatives and passed that body last week with 67 Democrat votes 291-122.   Democratic leadership opposed the bill as a subterfuge for . . .
Read more »

Part III: The Diamond Buried Deep in the Surveillance Review Group Report

By
Friday, January 3, 2014 at 2:00 PM

What follows is the last in a short, three-post assessment of selected aspects of the surveillance review group report. In this post, I highlight what is, in my view, the most productive of the review group’s many observations, from a national security perspective. Not surprisingly, given the composition and expertise of the review group members, . . .
Read more »

Assessing the Review Group Recommendations: Part III

By
Tuesday, December 31, 2013 at 5:54 PM

In Parts I and II of this series, I focused on the Review Group recommendations from Chapter III of the group’s report. Starting in this post, I turn to the recommendations of Chapter IV, which deal with collection under Section 702 and other authorities directed at non-US persons. This is, to my mind, one of the . . .
Read more »

The Meaning of the Cyber Revolution

By
Monday, December 16, 2013 at 3:00 PM

That is the title of a recent essay in International Security by Lucas Kello, a post-doctoral fellow at the Kennedy School at Harvard.  The essay is a rare effort to understand how international relations theory, and social science more generally, should apply to cyber war.  From the introduction: The article makes three main arguments.  First, . . .
Read more »

FTC Seeks New Privacy Authority

By
Wednesday, December 4, 2013 at 12:33 PM

Lawfare readers will recall that I earlier blogged about the Federal Trade Commission’s case against Wyndham Hotels.  Under the mantle of its consumer protection mandate, the FTC has sought to impose civil penalties against those companies who do not adequately protect the personal information of consumers.  Wyndham is challenging that authority, arguing that the FTC . . .
Read more »

Cyber and the NDAA

By
Wednesday, November 27, 2013 at 2:14 PM

Congress is in recess now (that’s why it’s so quiet here in Washington) and when they return the first order of business for the Senate is to take up the 2014 NDAA.   The bill, authorizing activities of the Department of Defense, is one of the few bills that routinely gets a full hearing in the . . .
Read more »

How Snowden Might Help Cybersecurity

By
Thursday, October 10, 2013 at 2:06 PM

A few weeks ago the NYT had a piece by David Sanger about how the Snowden revelations will hurt if not kill the NSA’s ambitious plans for cybersecurity defense in the U.S. homeland.  “Administration officials say the plan, championed by Gen. Keith B. Alexander, the director of the National Security Agency and head of the . . .
Read more »

Baker on Cybersecurity Post-Snowden

By
Monday, September 23, 2013 at 7:00 AM

James A. Baker, who for a long time ran the Office of Intelligence Policy Review in DOJ (which focused on FISA), and more recently worked in the Deputy Attorney General’s Office on cyber issues, gave a Constitution Day address at Dickinson College.  The speech is about “national security and the Constitution as it relates to . . .
Read more »

Cybersecurity Legislation — Something Completely Different

By
Tuesday, July 16, 2013 at 11:33 AM

The Senate Commerce Committee recently began circulating a staff discussion draft of cybersecurity legislation. This Staff Draft is a new, and significantly different approach to cyber than was advanced in the last Congress.   Here’s how the staff characterize the bill: [T]he draft bill consists of four titles: NIST-facilitated, industry-driven process for developing a set of . . .
Read more »

The Market in Zero-Day Exploits

By
Sunday, July 14, 2013 at 1:27 PM

Today’s New York Times, brings a rich article by Nicole Perlroth and David Sanger on the growing market in zero-day exploits.  Zero-day exploits are previously unknown flaws in computer programming that make it possible to subvert the program.  They are, if you will, the coin of the realm in cyber espionage or intrusion.  Here are . . .
Read more »

Cyber Threats and Cyber Realities

By
Tuesday, June 18, 2013 at 11:17 AM

I am participating today and tomorrow at a seminar at Roger Williams University Law School, entitled Cyber Threats and Cyber Realities.  It is being hosted by our Lawfare guest contributor Peter Marguiles. On today’s first panel, I was particularly struck by two observations made by panelist Jonathan Schneider.  Schneider is an energy lawyer in Washington . . .
Read more »

CISPA – An Assessment

By
Tuesday, May 7, 2013 at 11:50 AM

As most readers are aware, in the midst of the national turmoil following the bombings in Boston, the House of Representatives passed a version of the Cybersecurity Intelligence Sharing and Protection Act (CISPA) by a vote of 288-127. As I noted earlier, this represents 40 more votes than the bill received in 2012 – a . . .
Read more »

Brookings’ Allan Friedman on the Rhetoric Surrounding CISPA

By
Friday, April 19, 2013 at 7:00 AM

My Brookings colleague Allan Friedman, a technology and cybersecurity expert, sent over this comment on the House’s approval, yesterday, of the Cybersecurity Intelligence Sharing and Protection Act (“CISPA”).  The public discourse about the bill troubles him: For the past two years, rhetoric surrounding CISPA has been extreme and often very misleading. Opponents certainly have opted for such talk, claiming that . . .
Read more »