Header graphic for print
Steptoe Cyberblog

Category Archives: Cybersecurity and Cyberwar

Subscribe to Cybersecurity and Cyberwar RSS Feed

Steptoe Cyberlaw Podcast – Bonus Episode – Interview with Charles Allen and John McLaughlin

Posted in Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies

127: Vlad’s Cojones I know we promised to take August off, but I was inspired by the flap over the DNC hack and the fact that I’m at the Aspen Homeland Security Working Group meeting in Colorado. I waylaid two former intelligence community members on the Aspen campus and asked for their views on the… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Ed Hammersla and Brian White

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Episode 126 – The podcast goes to the conventions If Vladimir Putin can do it, so can we. This week the podcast dives deep into the US presidential campaign. I of course talk with Maury Shenk about evidence that the Russians are behind “Guccifer 2.0” and the DNC data leak – aided by a Wikileaks… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Jeremy and Ariel Rabkin

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

In the news roundup, Michael Vatis covers Microsoft’s surprising Second Circuit victory over the Justice Department in litigation over a warrant for data stored in Ireland.  The hidden issue in that case was data localization – the same issue driving the Justice Department’s new legislative proposal to allow foreign nations to obtain information from US… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Congressman Will Hurd (R-TX)

Posted in Cybersecurity and Cyberwar, International

What’s the difference between serving in Congress and spying in the back alleys of a Middle Eastern bazaar? Why not ask the one Congressman who’s done both – Rep. Will Hurd (R-TX). He also has cybersecurity chops from his career in industry, so he makes the perfect guest for episode 124a of the podcast. Just running through… Continue Reading

Steptoe Cyberlaw Podcast – News Round-Up

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

This week’s news roundup is dominated by the Ninth Circuit and the European Union. The EU parliament has approved the Privacy Shield that replaces the Safe Harbor. Michael Vatis, Alan Cohn and I ask whether companies should seek protection under what may prove to be a pretty leaky Shield. And the EU has approved cybersecurity… Continue Reading

Steptoe Cyberlaw Podcast – News Round-Up

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Edward Snowden criticizes Russia’s mass surveillance law, and a Russian official retaliates by outing him ‒ as a Russian intelligence source.  Silent Circle, the phone company that built its marketing on fear and loathing of the NSA, is nearing bankruptcy. And members of the dominant European Parliament faction are asking the Commission, “Hey! How come… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Fred Kaplan

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

Was Iran’s cyberattack that bricked vast numbers of Saudi Aramco computers justified by a similar attack on the National Iranian Oil Company a few months’ earlier?  Does NSA have the ability to “replay” and attribute North Korean attacks on companies like Sony? And how do the last six NSA directors stack up against each other? … Continue Reading

Steptoe Cyberlaw Podcast – News Round-Up with Paul Rosenzweig

Posted in Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies

European hypocrisy on data protection is a lot like the weather.  Everyone complains about it but no one does anything about it.  Until today. In episode 120, we announce the launch of the Europocrisy Prize.  With the support of TechFreedom, we’re seeking tax deductible donations for a prize designed to encourage the proliferation of Schrems-style litigation,… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Kevin Kelly

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest for episode 119 is Kevin Kelly, founding executive editor of Wired Magazine and author of The Inevitable: Understanding the 12 Technological Forces that will Shape our Future.  Kevin and I share many views – from skepticism about the recording industry’s effort to control their digital files to a similar skepticism about EFF’s effort… Continue Reading

FAR Council Issues Rule on Basic Safeguarding of Covered Contractor Information Systems

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

On May 16, four years after issuing a proposed rule, the FAR Council issued a final cybersecurity-related rule that reaches deep into the supply chain and is applicable to virtually all government contractors and subcontractors.  The rule establishes a new FAR subpart 4.19 and a clause 52.204-21, both of which are entitled “Basic Safeguarding of Covered… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Patrick Gray

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest, Patrick Gray, is the host of the excellent Risky Business security podcast.  He introduces us to the cybersecurity equivalent of decapitation by paper cut and offers a technologist’s take on multiple policy and legal issues.  In the news roundup, Michael explains the many plaintiff-friendly rulings obtained by the banks suing Home Depot over… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Dmitri Alperovitch

Posted in Blockchain, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies, Virtual Currency

Ransomware is the new black.  In fact, it’s the new China.  So says our guest for episode 116, Dmitri Alperovitch, the CTO and co-founder of CrowdStrike.  Dmitri explains why ransomware is so attractive financially – and therefore likely to get much worse very fast.  He and I also explore the implications and attribution of the… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Orin Kerr

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Does the FISA court perform a recognizably judicial function when it reviews 702 minimization procedures for compliance with the fourth amendment?  Our guest for episode 115 is Orin Kerr, GWU professor and all-round computer crime guru, and Orin and I spend a good part of the interview puzzling over Congress’s mandate that the FISA court… Continue Reading

Steptoe Cyberlaw Podcast – Interview with General Hayden

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies, Virtual Currency

Our guest for episode 114 is General Michael Hayden, former director of the NSA and CIA; he also confirms that he personally wrote every word of his fine book, Playing to the Edge: American Intelligence in the Age of Terror.   In a sweeping interview, we cover everything from Jim Comey’s performance at the AG’s hospital… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Patrick Henry, Dan Kaminsky, Kiran Raj, and Dr. Zulfikar Ramzan

Posted in China, Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

No holds are barred as a freewheeling panel of cryptographers and security pros duke it out with me and the Justice Department over going dark, exceptional access, and the Apple-FBI conflict.  Among the combatants:  Patrick Henry, a notable cryptographer with experience at GCHQ, NSA, and the private sector; Dan Kaminsky, the Chief Scientist at White Ops;… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Eric Jensen

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

European news and sensibilities dominate episode 112.  I indulge in some unseemly gloating about Europe’s newfound enthusiasm for the PNR data it wasted years of my life trying to negotiate out of the US counterterrorism toolbox.  I pester our guest, Eric Jensen, about his work on the Talinn 2.0 manual covering the law of cyberwar;… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Suzanne Spaulding

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Just how sophisticated are the nations planning and carrying out cyberattacks on electric grids?  Very, is the short answer.   Our guest for episode 111, Suzanne Spaulding, DHS’s Under Secretary for the National Protection and Programs Directorate, lays out just how much planning and resources went into the attack on Ukraine’s grid, what it means for… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Susan Munro and Ying Huang

Posted in China, Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

Steptoe recently held a client briefing in its Palo Alto office to update developments in the Chinese legal and regulatory that are impacting US technology companies operating in China.  I took advantage of the event to sneak in a quick discussion with Susan Munro and Ying Huang of Steptoe’s China practice, on how China is… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Perianne Boring

Posted in Blockchain, Cybersecurity and Cyberwar, Data Breach, Privacy Regulation, Security Programs & Policies, Virtual Currency

In episode 109, we interview Perianne Boring of the Chamber of Digital Commerce on the regulatory challenges of bitcoin and the blockchain.  In the news roundup, we bring back Apple v. FBI for what we hope will be one last round, as the San Bernardino magistrate voids her All Writs Act motion for mootness and… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Nuala O’Connor

Posted in China, Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

It’s an extended news roundup with plenty of debate between me and Nuala O’Connor, the President and CEO of the Center for Democracy and Technology (CDT).  We debate whether and how CDT should pay more attention to Chinese technology abuses and examine the EU ministers’ long list of privacy measures to be rolled back and… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Adam Segal

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

What kind of internet world order does China want, and will it succeed?  That’s the question we ask Adam Segal, Maurice R. Greenberg Senior Fellow at the Council on Foreign Relation and author of The Hacked World Order.  We review China’s surprising success at getting tech companies to help it build an authoritarian Internet –… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Phil Reitinger

Posted in Cybersecurity and Cyberwar, Security Programs & Policies

In bonus episode 106, Stewart and Alan interview Phil Reitinger, former DHS Deputy Undersecretary for Cybersecurity and Sony Corporation CISO and current Director of the new Global Cyber Alliance, making up for the famous “lost episode” that Stewart and Alan recorded with Phil on the sidelines of the RSA Conference (“The best interview I ever… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Robin Weisman and Peter Van Valkenburgh

Posted in Blockchain, China, Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies, Virtual Currency

Doing our best to avoid turning this into the Applelaw podcast, episode 105 begins with Maury Shenk unpacking the new US-EU Privacy Shield details.  His take: more hassles for companies accused of noncompliance, more detailed privacy disclosures and compliance obligations for most members, and a modicum of pain for the intelligence community, but it’s still… Continue Reading