Steptoe Cyberblog

Monthly Archives: October 2013

Espionage and Allies

Posted in International, Security Programs & Policies

I contributed a short piece to the New York Times on the latest Snowden-generated flap over allegations that NSA targeted Angela Merkel’s mobile phone. Excerpts: To play the role it has played in the world for the last 70 years, the United States must be able to gather intelligence anywhere in the world with little…

NIST Issues Preliminary Cybersecurity Framework — Cybersecurity Hardest Hit

Posted in Cybersecurity and Cyberwar, Security Programs & Policies

NIST has revised the draft cybersecurity framework that it released in August. What it published today is a “preliminary cybersecurity framework.” After comments, a final framework will be released in February. I’ve been very critical of the draft released in August. NIST clearly worked to address the criticisms. The result is a mixed bag, but the…

European Webmail Privacy: Even Worse Than I Thought

Posted in International, Privacy Regulation, Security Programs & Policies

I’ve been critical of the claim that European privacy law offers more protection against government surveillance than American law. Apparently not critical enough. An Ars Technica reporter with a pro-privacy inclination decided to seriously investigate using a German email system to get the benefits of European privacy law. His tale of disillusionment revealed three privacy…

How NIST’s Cybersecurity Framework Could Reduce Cybersecurity

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

In my first post about NIST’s draft cybersecurity framework I explained its basic problem as a spur to better security: It doesn’t actually require companies to do much to improve their network security. My second post argued that the framework’s privacy appendix, under the guise of protecting cybersecurity, actually creates a tough new privacy requirement…

Is NIST turning weak cybersecurity standards into aggressive new privacy regulation?

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

Following up on my earlier NIST post, it’s fair to ask why I think the NIST Cybersecurity Framework will be a regulatory disaster. After all, as I acknowledged in that post, NIST’s standards for cybersecurity are looking far less prescriptive than business feared. There’s not a “shall” or “should” to be found in NIST’s August…

Who’s Afraid of the NIST Cybersecurity Framework?

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

Business and conservatives have been worried all year about the cybersecurity standards framework that NIST (the National Institute of Standards and Technology) is drafting. An executive order issued early this year, after cybersecurity legislation stalled on the Hill, told NIST to assemble a set of standards to address cyber risks. Once they’re adopted, the order…