Latest in Cybersecurity and Deterrence
The joint advisory warns of the tactics, techniques, and procedures used by a China state-sponsored cyber actor targeting U.S. critical infrastructure organizations.
The first class of Lawfare's cybersecurity and hacking course is now available to the public.
Cybersecurity enforcement will likely require an expansion of government inspections of critical infrastructure.
The U.K. National Cyber Force’s operating document offers a framework for responsible cyber behavior in the highly contested cyber strategic environment and further validates cyber persistence theory.
The growing involvement of civilians in activities on the digital battlefield puts individuals at risk of harm and contributes to the erosion of the principle of distinction, an edifice on which the rest of the law applicable in armed conflicts is built.
Some cybersecurity incidents can render crucial government services inaccessible, like recent events in Costa Rica and Vanuatu exemplify. In these cases, international assistance can be a key part of the response.
While a valuable part of a cybersecurity program, “third-party audits” are too often not audits and not done by true third parties.
The U.S. and the EU need to do more to limit the damage to their intelligence and law enforcement capabilities caused by cyber mercenaries.
As government policy moves toward more binding rules for cybersecurity, how should they be enforced? Self-assessment and self-certification are not likely to suffice.
If executed well, the strategy will serve as a strong pivot into a better vision for U.S. policy in cyberspace; if not, much of its promise will lack punch.