The Cyberlaw Podcast
The Cyberlaw Podcast: Sandworm and the GRU's Global Intifada
Stewart Baker Fri, Nov 15, 2019, 12:59 PM
Latest in NotPetya
Cybersecurity
A Federal Backstop for Insuring Against Cyberattacks?
Scott R. Anderson, Aaron Klein Tue, Oct 1, 2019, 9:00 AM
The effects of warfare can be felt well beyond the battlefield. Businesses are interrupted, property damaged, lives lost—and those at risk often seek to protect themselves through insurance. The premiums that insurers charge, however, rarely account for the immense destructive capacity of modern militaries, making wartime claims a potentially existential threat to their fiscal solvency.
Cybersecurity
What Mondelez v. Zurich May Reveal About Cyber Insurance in the Age of Digital Conflict
Brian Corcoran Fri, Mar 8, 2019, 8:00 AM
Last month, Ariel Levite and Wyatt Hoffman called for urgent government action to support a robust cyber insurance market in a post on Lawfare. Their argument cited ongoing litigation in Mondelez International, Inc. v. Zurich American Insurance Co., in which Mondelez is asking an Illinois state court to determine whether a claim for losses Mondelez suffered during the 2017 NotPetya attack is precluded by a “hostile or warlike action” exception in its Zurich cyber insurance policy.
Cyber Command
Separating NSA and CYBERCOM? Be Careful When Reading the GAO Report
Robert Chesney Mon, Aug 7, 2017, 1:01 PM
The Government Accountability Office last week published a report that, among other things, weighs in on the pros and cons of the NSA/CYBERCOM “dual-hat” system (pursuant to which the director of the NSA/CSS and commander of CYBERCOM are the same person). The report deserves attention but also some criticism and context. Here’s a bit of all three.
1. What is the “dual-hat” issue?
Cybersecurity
Rediscovering Vulnerabilities
Trey Herr, Bruce Schneier Fri, Jul 21, 2017, 11:30 AM
Software and computer systems are a standard target of intelligence collection in an age where everything from your phone to your sneakers has been turned into a connected computing device. A modern government intelligence organization must maintain access to some software vulnerabilities into order to target these devices. However, the WannaCry ransomware and NotPetya attacks have called attention to the perennial flipside of this issue—the same vulnerabilities that the U.S. government uses to conduct this targeting can also be exploited by malicious actors if they go unpatched.