Cybersecurity

Latest in Cybersecurity

Department of Defense

Defense Department Releases Zero Trust Strategy

Hadley Baker Tue, Nov 29, 2022, 4:31 PM

On Nov. 22, the U.S. Department of Defense released their Zero Trust Strategy, a new approach to countering cyberattacks. The new framework employs a “‘never trust, always verify’” mindset, deviating from the Defense Department’s previously used perimeter defense model. The strategy is prompted by the “rapid growth” of offensive cyber threats and aims to fully implement the department-wide model by fiscal year 2027.

Read more about Defense Department Releases Zero Trust Strategy

Cybersecurity

Keeping Up With Ransomware

Eugenia Lostri Fri, Nov 18, 2022, 8:16 AM

The recent meeting of the International Counter Ransomware Initiative brought together representatives from over 30 countries and the private sector. It’s a good step in responding to different aspects of the ransomware threat, but the initiative seems to struggle to prevent future attacks.

Read more about Keeping Up With Ransomware

Cybersecurity

Cyber Norms in the Context of Armed Conflict

Peter Pascucci, Kurt Sanger Wed, Nov 16, 2022, 8:16 AM

United Nations norms related to nation-state cyberspace operations clearly apply during peacetime, but recent events in Ukraine and Russia raise challenges regarding those norms’ applicability in armed conflict.

Read more about Cyber Norms in the Context of Armed Conflict

Cybersecurity

The Securing Open Source Software Act Is Good, but Whatever Happened to Legal Liability?

Chinmayi Sharma, John Speed Meyers, James Howison Thu, Nov 10, 2022, 8:16 AM

The recent introduction of the Securing Open Source Software Act, and its subsequent momentum, has stoked a debate about the true reason for the open source security problem and the merits of different solutions.

Read more about The Securing Open Source Software Act Is Good, but Whatever Happened to Legal Liability?

Cybersecurity

Quantifying Cyber Conflict: Introducing the European Repository on Cyber Incidents

Matthias Schulze Mon, Nov 7, 2022, 8:16 AM

Statistical data on cyber conflict is lacking. A new dataset by a European research initiative called EuRepoC tries to solve this problem by launching a dashboard to visualize more than 1,400 cyber incidents.

Read more about Quantifying Cyber Conflict: Introducing the European Repository on Cyber Incidents

Cybersecurity

What Impact, if Any, Does Killnet Have?

Maggie Smith, Erica D. Lonergan, Nick Starck Fri, Oct 21, 2022, 8:31 AM

Killnet, the pro-Russian hacktivist collective, launched an ineffective DDoS attack on U.S. government websites earlier this month, leaving many to wonder what the purpose of such groups is and what impact they actually have, especially amid the war in Ukraine.

Read more about What Impact, if Any, Does Killnet Have?

Cybersecurity

The Emerging Cyber Threat to the American Rail Industry

Claudia Swain Thu, Oct 20, 2022, 9:21 AM

Adding trains to the Internet of Things opens the door to a new threat: cyberattacks.

Read more about The Emerging Cyber Threat to the American Rail Industry

Cyber & Technology

The Fallout From the First Trial of a Corporate Executive for ‘Covering Up’ a Data Breach

Kellen Dwyer Wed, Oct 19, 2022, 8:16 AM

The Justice Department should issue guidance to clarify the line between covering up a data breach and merely declining to disclose it.

Read more about The Fallout From the First Trial of a Corporate Executive for ‘Covering Up’ a Data Breach

Cybersecurity

Clarifying Responsible Cyber Power: Developing Views in the U.K. Regarding Non-intervention and Peacetime Cyber Operations

Russell Buchan, Joe Devanny Thu, Oct 13, 2022, 8:30 AM

A response to a previous Lawfare article on the U.K.’s cyber strategy, emphasizing the need to develop a nuanced, incremental development of that strategy over time

Read more about Clarifying Responsible Cyber Power: Developing Views in the U.K. Regarding Non-intervention and Peacetime Cyber Operations

Cyber & Technology

Cybersecurity Regulation: It’s Not ‘Performance-Based’ If Outcomes Can’t Be Measured

Jim Dempsey Thu, Oct 6, 2022, 8:16 AM

A closer look at the TSA’s cybersecurity directive for pipelines casts doubt on the applicability of “performance-based” regulation to cybersecurity. For now, policymakers have to combine management-based controls and technology-specific prescriptions.

Read more about Cybersecurity Regulation: It’s Not ‘Performance-Based’ If Outcomes Can’t Be Measured

Cybersecurity

Subtopics

Department of Defense

Defense Department Releases Zero Trust Strategy

Cybersecurity

Keeping Up With Ransomware

Cybersecurity

Cyber Norms in the Context of Armed Conflict

Cybersecurity

The Securing Open Source Software Act Is Good, but Whatever Happened to Legal Liability?

Cybersecurity

Quantifying Cyber Conflict: Introducing the European Repository on Cyber Incidents

Cybersecurity

What Impact, if Any, Does Killnet Have?

Cybersecurity

The Emerging Cyber Threat to the American Rail Industry

Cyber & Technology

The Fallout From the First Trial of a Corporate Executive for ‘Covering Up’ a Data Breach

Cybersecurity

Clarifying Responsible Cyber Power: Developing Views in the U.K. Regarding Non-intervention and Peacetime Cyber Operations

Cyber & Technology

Cybersecurity Regulation: It’s Not ‘Performance-Based’ If Outcomes Can’t Be Measured

Subscribe to Lawfare

Support Lawfare

Explore