Cybersecurity

Latest in Cybersecurity

Cybersecurity

A Federal Backstop for Insuring Against Cyberattacks?

Scott R. Anderson, Aaron Klein Tue, Oct 1, 2019, 9:00 AM

The effects of warfare can be felt well beyond the battlefield. Businesses are interrupted, property damaged, lives lost—and those at risk often seek to protect themselves through insurance. The premiums that insurers charge, however, rarely account for the immense destructive capacity of modern militaries, making wartime claims a potentially existential threat to their fiscal solvency.

Read more about A Federal Backstop for Insuring Against Cyberattacks?

Privacy

The NSA General Counsel's Proposal for a Moonshot

Susan Landau Mon, Sep 23, 2019, 8:08 AM

National Security Agency (NSA) General Counsel Glenn Gerstell presented an interesting and surprising challenge last week, writing in the New York Times that the United States must be ready to face the “profound and enduring implications of the digital revolution.” The essay was interesting in that Gerstell’s writing was almost philosophical, rather than a direct call to action (not exactly a common mode of address for general counsels of intelligence agencies),

Read more about The NSA General Counsel's Proposal for a Moonshot

Encryption

How Long Will Unbreakable Commercial Encryption Last?

Stewart Baker Fri, Sep 20, 2019, 8:00 AM

Most people who follow the debate over unbreakable, end-to-end encryption think that it’s more or less over. Silicon Valley has been committed to offering such encryption since at least the Snowden revelations; the FBI has abandoned its legal campaign against Apple’s device encryption; and prominent national security figures, especially those tied to the National Security Agency,, have sided with industry and against the Justice Department.

Read more about How Long Will Unbreakable Commercial Encryption Last?

Cybersecurity and Deterrence

Self-Help in Cyberspace: A Path Forward

Wyatt Hoffman, Ariel E. Levite Mon, Sep 16, 2019, 8:00 AM

Recent years have seen sustained calls to “unleash” the private sector to more assertively combat cyber threats. The argument has gained some sympathy in Congress, where Rep. Tom Graves (R-Ga.) recently reintroduced the Active Cyber Defense Certainty Act (ACDCA).

Read more about Self-Help in Cyberspace: A Path Forward

Election Security

An Op-Ed From the Future on Election Security

Alex Stamos Wed, Sep 4, 2019, 1:38 PM

There have been many pieces, in Lawfare and elsewhere, about the weaknesses in America’s political and election systems. In my career as a security executive, I sometimes found it difficult to communicate risk to non-expert audiences when focusing on a specific vulnerability. It is often more effective to paint a dire but realistic scenario relying on the proven capabilities of real adversaries combined with a variety of known, systemic issues.

Read more about An Op-Ed From the Future on Election Security

Cybersecurity

How to Measure Cybersecurity

Robert S. Taylor Mon, Aug 26, 2019, 11:41 AM

Paul Rosenzweig observed recently on Lawfare that there are “no universally recognized, generally accepted metrics by which to measure and describe cybersecurity improvements” and that, as a result, decision-makers “are left to make choices about cybersecurity implementation based on qualitative measures rather than quantitative ones.” Rosenzweig is working with the R Street Institute to build a consensus on useful metrics.

Read more about How to Measure Cybersecurity

Going Dark

The Myth of Consumer Security

Bruce Schneier Mon, Aug 26, 2019, 8:00 AM

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that's not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical infrastructure. They affect national security. And it would be foolish to weaken them, even at the request of law enforcement.

Read more about The Myth of Consumer Security

Cybersecurity

Hackers Leaked Sensitive Government Data in Argentina—and Nobody Cares

Eugenia Lostri Wed, Aug 21, 2019, 9:00 AM

On Monday, Aug. 12, hackers leaked 700 GB of data obtained from the government of Argentina, including confidential documents, wiretaps and biometric information from the Argentine Federal Police, along with the personal data of police officers. The Twitter account of the Argentine Naval Prefecture was hacked as well, and used not only to share links to the stolen information but also to spread fake news about a nonexistent British attack on Argentine ships.

Read more about Hackers Leaked Sensitive Government Data in Argentina—and Nobody Cares

Cybersecurity

Preliminary Observations on the Utility of Measuring Cybersecurity

Paul Rosenzweig Tue, Aug 6, 2019, 8:00 AM

Cybersecurity is a bit like obscenity. It seems that we know it when we see it, but we have a great deal of difficulty describing it, categorizing it or counting it. Much as with obscenity, there are some obvious answers on which all can agree—having an “internet of things” system with a hard-coded password of “123456” is insecure by any measure—but there is a vast gray area in between the poles where tradeoffs, cost-benefit assessments, and issues of practicality and scalability lurk.

Read more about Preliminary Observations on the Utility of Measuring Cybersecurity

Cybersecurity

Criminal Complaint in Capital One Hacking Case

Vishnu Kannan Tue, Jul 30, 2019, 3:48 PM

On July 29, the U.S. Attorney’s Office for the Western District of Washington filed a criminal complaint against Paige A. Thompson for violating the Computer Fraud and Abuse Act by hacking into protected computers belonging to Capital One. The complete charging document is available here and below.

Read more about Criminal Complaint in Capital One Hacking Case

Cybersecurity

A Federal Backstop for Insuring Against Cyberattacks?

Privacy

The NSA General Counsel's Proposal for a Moonshot

Encryption

How Long Will Unbreakable Commercial Encryption Last?

Cybersecurity and Deterrence

Self-Help in Cyberspace: A Path Forward

Election Security

An Op-Ed From the Future on Election Security

Cybersecurity

How to Measure Cybersecurity

Going Dark

The Myth of Consumer Security

Cybersecurity

Hackers Leaked Sensitive Government Data in Argentina—and Nobody Cares

Cybersecurity

Preliminary Observations on the Utility of Measuring Cybersecurity

Cybersecurity

Criminal Complaint in Capital One Hacking Case

Subscribe to Lawfare

Support Lawfare

Explore