The Biden administration has released its much-anticipated executive order aiming to improve federal cybersecurity standards and other aspects of cybersecurity. Here’s what you need to know.
Trey Herr is the director of the Cyber Statecraft Initiative under the Scowcroft Center for Strategy and Security at the Atlantic Council. His team works on the role of the technology industry in geopolitics, cyber conflict, the security of the internet, cyber safety and growing a more capable cybersecurity policy workforce.
The “internet of things” supply chain has been a channel for risk into our homes. We can use that same channel to push security back up through the supply chain.
To meaningfully change the software ecosystem, liability policies must also establish clear security standards, apply them to the whole supply chain and create incentives for organizations to apply patches quickly.
How to map a more effective security strategy for cloud computing.
We recently published a paper on the rediscovery of software vulnerabilities. This was the final version of a paper that had been in the works since September, peer-reviewed by the WEIS community during the winter, and then circulated for additional revision in early March. Since publication, two mistakes have come to light.
Software and computer systems are a standard target of intelligence collection in an age where everything from your phone to your sneakers has been turned into a connected computing device. A modern government intelligence organization must maintain access to some software vulnerabilities in order to target these devices. However, the WannaCry ransomware and NotPetya attacks have called attention to the perennial flipside of this issue—the same vulnerabilities that the U.S. government uses to conduct this targeting can also be exploited by malicious actors if they go unpatched.