Cybersecurity
A Few Questions on Cybersecurity and the Cloud
Trey Herr, Garrett Hinck, Tim Maurer Mon, Sep 21, 2020, 9:08 AM
On Aug.
Trey Herr is the director of the Cyber Statecraft Initiative under the Scowcroft Center for Strategy and Security at the Atlantic Council. His team works on the role of the technology industry in geopolitics, cyber conflict, the security of the internet, cyber safety and growing a more capable cybersecurity policy workforce.
Subscribe to this Lawfare contributor via RSS.
Cybersecurity
Cascading Security Through the Internet of Things Supply Chain
Trey Herr, Nathaniel Kim, Bruce Schneier Mon, Jun 29, 2020, 8:01 AM
The “internet of things” supply chain has been a channel for risk into our homes. We can use that same channel to push security back up through the supply chain.
Cybersecurity
Software Liability Is Just a Starting Point
Trey Herr Thu, Apr 23, 2020, 9:47 AM
To meaningfully change the software ecosystem, liability policies must also establish clear security standards, apply them to the whole supply chain and create incentives for organizations to apply patches quickly.
Cybersecurity
Better to Be Realistic About the Security Opportunities of Cloud Computing
Trey Herr Tue, Mar 17, 2020, 3:36 PM
How to map a more effective security strategy for cloud computing.
Cybersecurity
What You See Is What You Get: Revisions to Our Paper on Estimating Vulnerability Rediscovery
Trey Herr, Bruce Schneier Thu, Jul 27, 2017, 3:18 PM
We recently published a paper on the rediscovery of software vulnerabilities. This was the final version of a paper that had been in the works since September, peer-reviewed by the WEIS community during the winter, and then circulated for additional revision in early March. Since publication, two mistakes have come to light.
Cybersecurity
Rediscovering Vulnerabilities
Trey Herr, Bruce Schneier Fri, Jul 21, 2017, 11:30 AM
Software and computer systems are a standard target of intelligence collection in an age where everything from your phone to your sneakers has been turned into a connected computing device. A modern government intelligence organization must maintain access to some software vulnerabilities into order to target these devices. However, the WannaCry ransomware and NotPetya attacks have called attention to the perennial flipside of this issue—the same vulnerabilities that the U.S. government uses to conduct this targeting can also be exploited by malicious actors if they go unpatched.
Cyber & Technology
Ransomware Remixed: The Song Remains the Same
Trey Herr Wed, Jun 28, 2017, 10:11 AM
Another month, another ransomware epidemic. Broadsheets are screaming panic while companies yell back that All Is Well and Ukraine shows the world what gifs can do for incident response. Twitter is abuzz with the rapid, globalized forensics effort of a legion of amateurs and professionals (though nothing yet from the White House).