No government or defense contractor should use Kaspersky Lab products.
DayZero: Cybersecurity Law and Policy
DayZero dives deep into cybersecurity vulnerabilities, and the crime, espionage, and warfare taking place on networked computers. We look at legislation, practice, and litigation over how to keep our networks and critical infrastructure secure; new and emerging threats and how the policy process responds to them; the relationship between cybersecurity and other security goods; and cybersecurity in American relations with foreign adversaries and allies.
This week's podcast covers the Russia sanctions bill, radio silence from Silicon Valley on 702 renewal, and an interview with Dave Aitel.
In light of Michael Sulmeyer’s excellent recent piece on splitting NSA and CYBERCOM, which ran at War on the Rocks last week, I want to pull together some of the key legal and policy developments of the past year in a single narrative. My aim is to put them in context with each other in a way that will provide useful background for those new to this issue, while also putting a spotlight on the deconfliction-of-equities issue that the split proposal raises.
Cybercrime Roundup: Russian-born US Citizen Sentenced for Committing Cybercrime Within the United States
On July 10th, Alexander Tverdokhlebov was sentenced to 110 months for his activities renting out botnets on Russian-language cybercrime forums.
Software and computer systems are a standard target of intelligence collection in an age where everything from your phone to your sneakers has been turned into a connected computing device. A modern government intelligence organization must maintain access to some software vulnerabilities in order to target these devices. However, the WannaCry ransomware and NotPetya attacks have called attention to the perennial flipside of this issue—the same vulnerabilities that the U.S. government uses to conduct this targeting can also be exploited by malicious actors if they go unpatched.
C4ISRNET recently published an interesting and useful four-part series exploring what U.S. Cyber Command will need to operate on its own, separate from the National Security Agency. (Part I is here and provides links to the other parts in the series.)
In episode 175, IT procurement, the federal de-listing of Kaspersky Labs, and an interview with Eric Hysen take center stage.