In November 2016, the U.K. government launched its Active Cyber Defence (ACD) program with the intention of tackling “in a relatively automated [and transparent] way, a significant proportion of the cyber attacks that hit the U.K.” True to their word, a little over a year on, last week the U.K.’s National Cyber Security Centre (NCSC) published a full and frank account (over 60 pages long) of their progress to date.
Latest in Active Cyber Defense
The recent WannaCry and NotPetya global cyber incidents have fueled the debate already raging over the role of and limits on corporate self-defense in cyberspace. The emerging international practice of “active cyber defense” (ACD) moves this debate beyond the merely theoretical realm. Private sector active defense potentially shifts the balance in favor of defenders and would improve companies’ ability to complicate and disrupt attacks and mitigate damages.
Bobby Chesney raised a number of issues regarding the Active Defense Certainty Act, and I’m just getting into it now. I think Bobby’s comments are spot on, but I want to amplify some of his concerns.
Meaning of persistent intrusion
We are happy to report that Episode 7 of the National Security Law Podcast ("The Less Prep the Better") has just gone live. In about 42 minutes, we discuss:
- the Trump allegation about being wiretapped
- the Trump allegation about GTMO recidivism (and the Spicer follow-up about just when judges got involved in ordering GTMO releases)
- the Vault7/Wikileaks mess
Representative Tom Graves (R-GA) recently released a discussion draft of a bill that would create a defense to liability under the Computer Fraud and Abuse Act (CFAA) (18 USC 1030) f
Privateering in information security is back in fashion. This is not the first time: In 2006, Michael Tanji diagnosed parallels between cyberspace and the loosely governed sea in the 17th century and explored privateering as a policy solution.
Today is the second day of the Strauss Center at the University of Texas-Austin's conference on the legal and policy dimensions of cybersecurity. You can watch the conference's panels live here:
Below is an agenda for the day's panels:
Today, the Strauss Center at the University of Texas-Austin hosts a unique and timely conference focused on the legal and policy dimensions of cybersecurity, which you can watch live here:
Below is the agenda for the event:
Going Dark, Hacking Back, Botnet Takedowns, and More: The Strauss Center's Feb. 4-6 Cybersecurity Conference
I'm very excited to announce that the Strauss Center at UT-Austin is launching a new education-and-research program we are calling "Integrated Cybersecurity Studies," and that we are marking the occasion with a rather-special event here in Austin on February 5th and 6th. I hope some readers can join us!