Latest in Cybersecurity

Cybersecurity

A Federal Backstop for Insuring Against Cyberattacks?

The effects of warfare can be felt well beyond the battlefield. Businesses are interrupted, property damaged, lives lost—and those at risk often seek to protect themselves through insurance. The premiums that insurers charge, however, rarely account for the immense destructive capacity of modern militaries, making wartime claims a potentially existential threat to their fiscal solvency.

Privacy

The NSA General Counsel's Proposal for a Moonshot

National Security Agency (NSA) General Counsel Glenn Gerstell presented an interesting and surprising challenge last week, writing in the New York Times that the United States must be ready to face the “profound and enduring implications of the digital revolution.” The essay was interesting in that Gerstell’s writing was almost philosophical, rather than a direct call to action (not exactly a common mode of address for general counsels of intelligence agencies),

Encryption

How Long Will Unbreakable Commercial Encryption Last?

Most people who follow the debate over unbreakable, end-to-end encryption think that it’s more or less over. Silicon Valley has been committed to offering such encryption since at least the Snowden revelations; the FBI has abandoned its legal campaign against Apple’s device encryption; and prominent national security figures, especially those tied to the National Security Agency,, have sided with industry and against the Justice Department.

Election Security

An Op-Ed From the Future on Election Security

There have been many pieces, in Lawfare and elsewhere, about the weaknesses in America’s political and election systems. In my career as a security executive, I sometimes found it difficult to communicate risk to non-expert audiences when focusing on a specific vulnerability. It is often more effective to paint a dire but realistic scenario relying on the proven capabilities of real adversaries combined with a variety of known, systemic issues.

Cybersecurity

How to Measure Cybersecurity

Paul Rosenzweig observed recently on Lawfare that there are “no universally recognized, generally accepted metrics by which to measure and describe cybersecurity improvements” and that, as a result, decision-makers “are left to make choices about cybersecurity implementation based on qualitative measures rather than quantitative ones.” Rosenzweig is working with the R Street Institute to build a consensus on useful metrics.

Going Dark

The Myth of Consumer Security

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that's not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical infrastructure. They affect national security. And it would be foolish to weaken them, even at the request of law enforcement.

Cybersecurity

Hackers Leaked Sensitive Government Data in Argentina—and Nobody Cares

On Monday, Aug. 12, hackers leaked 700 GB of data obtained from the government of Argentina, including confidential documents, wiretaps and biometric information from the Argentine Federal Police, along with the personal data of police officers. The Twitter account of the Argentine Naval Prefecture was hacked as well, and used not only to share links to the stolen information but also to spread fake news about a nonexistent British attack on Argentine ships.

Cybersecurity

Preliminary Observations on the Utility of Measuring Cybersecurity

Cybersecurity is a bit like obscenity. It seems that we know it when we see it, but we have a great deal of difficulty describing it, categorizing it or counting it. Much as with obscenity, there are some obvious answers on which all can agree—having an “internet of things” system with a hard-coded password of “123456” is insecure by any measure—but there is a vast gray area in between the poles where tradeoffs, cost-benefit assessments, and issues of practicality and scalability lurk.

Subscribe to Lawfare

EmailRSSKindle