Latest in Cybersecurity: Crime and Espionage
The FCC issued an order barring China Telecom from providing telecommunications services in the United States.
The United States government has adopted a comprehensive approach to combating ransomware.
To solidify recent gains against cybercrime safe havens, the United States must work with capable and willing partners and increase the pressure on countries that harbor cyber criminals.
The deferred prosecution agreements for three members of Project Raven charged with hacking on behalf of a foreign government seem to set a precedent for lenient treatment for this type of conduct. In reality, the case signals that the U.S. Department of Justice intends to crack down on this type of conduct using every tool available.
The Justice Department needs a “troop surge” of cyber prosecutors and agents to conduct long-term, proactive investigations into ransomware gangs and the organizations that enable them.
U.S. companies must understand that in many cases they are no longer simply competing with corporate rivals. They are competing with the nation-states supporting their corporate rivals.
The Department of Justice has charged five Chinese nationals with a variety of crimes for allegedly hacking into over 100 organizations worldwide, including targeted attacks on U.S. companies.
Domestic organizations need to be cautious of COVID-19-related phishing attacks, which have the potential to cripple business and administrative operations during the time of a health emergency.
This article, originally presented to the Cross-Border Data Forum, expands upon arguments first set forth by the authors in “Flat Light: Data Protection for the Disoriented, From Policy to Practice,” The Hoover Institution, November 20, 2018.
In the U.S. there has been a long debate about “vulnerability equities”—that is, whether the government should disclose a vulnerability it discovers to the vendor, which will then allow users to apply a patch and be defended against exploitation, or keep the vulnerability secret to enable the government’s exploitation of targets. There is little data on how the process works. But the U.S. has the potential to learn how the British handle the same problem.