Steptoe Cyberblog

Category Archives: Data Breach

Steptoe Cyberlaw Podcast – Interview with David Aitel

Posted in Data Breach, International

Episode 176: Governments to Internet: STFU Everybody’s a critic, and everybody’s a censor, at least if you judge by today’s episode: Maury Shenk tells us the European Court of Justice will soon rule on its authority to censor what Americans read. Markham Erickson discusses the Ninth Circuit decision upholding national security letter gag orders. And Maury says… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Ellen Nakashima

Posted in Data Breach, International, Security Programs & Policies

Episode 171.  Implants in the Kremlin’s Snack Machines? Our guest, Ellen Nakashima, was coauthor of a Washington Post article that truly is a first draft of history, though not a chapter the Obama administration is likely to be proud of.  She and Greg Miller and Adam Entous chronicle the story of Russia’s information operations attack… Continue Reading

Steptoe Cyberlaw Podcast – News Roundup

Posted in Data Breach, International, Security Programs & Policies

Episode 170 This week’s episode is a news roundup without interview.  We lead with the Senate’s overwhelming adoption of unexpectedly tough Russia sanctions along with the Iran sanctions bill.  The mainstream press has emphasized that the bill will lock the Obama sanctions into legislation, but Anthony Rapa explains that the bigger story is just how… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Kevin Mandia

Posted in Cybersecurity and Cyberwar, Data Breach, International

Episode 166 is the interview that goes with episode 165’s news roundup, released separately to ensure the timeliness of the news. In episode 166, we interview Kevin Mandia, the CEO and Board Director of FireEye, an intelligence-led security company.  FireEye recently outed a new cyberespionage actor associated with the Vietnamese government.  Kevin tells us how… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Tim Maurer

Posted in Data Breach, International, Security Programs & Policies

Episode 164: Stewart on the Road to Tarsus Episode 164 features Stewart Baker’s startling change of heart on the question of cyberspace norms. Credit goes to our interview guest, Tim Maurer, Fellow and co-director of the Cyber Policy Initiative at the Carnegie Endowment for International Peace. And perhaps as well to Brian Egan, former Legal… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Nicholas Weaver

Posted in Data Breach, International, Privacy Regulation

Episode 159: Interview with Nicholas Weaver Our guest interview is with Nick Weaver, of Berkeley’s International Computer Science Institute.  It covers the latest dumps of hacker tools, the vulnerability equities process, the so-bad-you-want-to-cover-your-eyes story of Juniper and the Dual_EC hacks, and ends with a tour of recent computer security disasters, from the capture of a… Continue Reading

Steptoe Cyberlaw Podcast – Debate with Greg Nojeim and Jamil Jaffer

Posted in Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies

155: Debating Hackback Episode 155 of the podcast offers something new:  equal time for opposing views.  Well, sort of, anyway.  In place of our usual interview, we’re running a debate over hacking back that CSIS sponsored last week.  I argue that US companies should be allowed to hack back; I’m opposed by Greg Nojeim, Senior… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Curtis Dukes and Tony Sager

Posted in Cybersecurity and Cyberwar, Data Breach, Security Programs & Policies

Episode 154:  What cybersecurity experts tell their Moms about computer security In this week’s episode, we ask two acknowledged NSA cybersecurity experts, Curtis Dukes and Tony Sager, both from the Center for Internet Security, what they tell their family members about how to keep their computers, phones, and doorbells safe from hackers. Joining us for… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Dominic Rochon and Patricia Kosseim

Posted in Cybersecurity and Cyberwar, Data Breach, International

Our interview features a classic “please don’t read this” headline: “Worthwhile Canadian Initiatives.”  We explore multiple worthwhile Canadian initiatives with Dominic Rochon, deputy chief of policy and communications for CSE, Canada’s version of the NSA and with Patricia Kosseim, general counsel and director general for policy at the Office of Canada’s Privacy Commissioner.  Among other… Continue Reading

Steptoe Cyberlaw Podcast – News Roundup

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Uncategorized

Posse Comitatus: Latin for “Get off my turf”? Would it violate the Posse Comitatus Act to give DOD a bigger role in cybersecurity?  Michael Vatis and I call BS on the idea, which I ascribe to Trump Derangement Syndrome and Michael more charitably ascribes to a DOD-DHS turf fight. Should the FDA allow implants of… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Kiersten Todt

Posted in Cybersecurity and Cyberwar, Data Breach, Security Programs & Policies

Too busy to read the 100-page Presidential Commission on Enhancing National Security report on what the next administration should do about cybersecurity?  No worries.  Episode 142 features a surprisingly contentious but highly informative dialog about the report with Kiersten Todt, the commission’s executive director. In the news, Lindsey Graham, John McCain, and a host of… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Scott Charney

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

We ask Rihanna to sum up the latest US-EU agreement: And that’s when you need me there With you I’ll always share … You can stand under my umbrella RiRi’s got the theory right:  The Umbrella Agreement was supposed to make sure the US and EU would always share law enforcement data.  But when the… Continue Reading

Steptoe Cyberlaw Podcast – Interview with John Markoff

Posted in Cybersecurity and Cyberwar, Data Breach

The Autonomous Weapon Who Went to the Beach Episode 140 features long-time New York Times reporter, John Markoff, on the past and future of artificial intelligence and its ideological converse – the effort to make machines that augment rather than replace human beings.  Our conversation covers everything from robots, autonomous weapons, and Siri to hippie… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Paul Rosenzweig and Shane Harris

Posted in China, Cybersecurity and Cyberwar, Data Breach, Privacy Regulation

We couldn’t resist.  This week’s topic is of course President-elect Trump and what his election could mean for All Things Cyber.  It features noted cybercommentator Paul Rosenzweig and Daily Beast reporter Shane Harris.  In the news, we’re reminded of the old Wall Street saying that bulls and bears can both make money in the market… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Frank Cilluffo

Posted in Cybersecurity and Cyberwar, Data Breach

The episode features a vigorous and friendly debate between me and Frank Cilluffo over his Center’s report on active defense, titled “Into the Gray Zone.”  It’s a long and detailed analysis by the Center for Homeland and Cyber Security at GW University.  My fear: the report creates gray zones for computer defense that should not… Continue Reading

Steptoe Cyberlaw Podcast – Interview with John Carlin

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

John Carlin leaves Justice:  We give him the good news and the bad news. Episode 134 features John Carlin’s swan song as assistant attorney general for national security.  We review the highs and lows of his tenure from a cybersecurity point of view and then look to the future, including how the US should respond… Continue Reading

Steptoe Cyberlaw Podcast – The Grugq

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

(Groucho) Marxism and Red Lines in Cyberspace In episode 133, our guest is The Grugq, famous in hacker circles but less so among Washington policymakers.  We talk about the arrest of an NSA employee for taking malware and other classified materials home, the Shadow Broker leak of Equation Group tools, and the Grugq’s view that… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Ellen Nakashima

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

In episode 132, our threepeat guest is Ellen Nakashima, star cyber reporter for the Washington Post.  Markham Erickson and I talk to her about Vladimir Putin’s endless appetite for identifying ‒ and crossing ‒ American red lines, the costs and benefits of separating NSA from Cyber Command, and the chances of a pardon for Edward… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Matt Cutts and Lisa Wiswell

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

A record-setting insecurity week. Our interview in episode 131 is with Matt Cutts and Lisa Wiswell from the Pentagon’s Defense Digital Service.  Matt joined the Digital Service from Google where he authored their SafeSearch content filter.  Lisa is a bureaucracy hacker with the Defense Digital Service and previously spent years working on cyber-warfare in DOD’s… Continue Reading

Steptoe Cyberlaw Podcast – News Round-Up

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies, Uncategorized

In a law-heavy news roundup, Katie Cassel and I talk about New York’s dangerously prescriptive cybersecurity regs for banks and insurers. Maury Shenk and I uncover the seamy industrial politics behind the EU’s latest copyright and telecom proposals.  The Sixth Circuit deepens a circuit split over standing and how much injury it takes to support… Continue Reading

Steptoe Cyberlaw Podcast – News Round-up with Phil West

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies

Ironman meets the Antideficiency Act In episode 129, Alan Cohn and I dive deep on the Government Oversight committee’s predictably depressing and unpredictably entertaining report on the OPM hack. Cheeky Chinese hackers register their control sites to superhero alter egos.  And poor, patriotic Cytech finds an intruder during a sales demo, rushes to provide support… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Scott DePasquale

Posted in Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies

The podcast is back with a bang from hiatus. Our guest, Scott DePasquale, is the CEO of Utilidata, an electric utility IoT and cybersecurity company. Scott talks about his contribution to the Internet Security Alliance’s upcoming book, The Cyber Security Social Contract. Episode 128 also brings you a news roundup from the most momentous August… Continue Reading

Steptoe Cyberlaw Podcast – Bonus Episode – Interview with Charles Allen and John McLaughlin

Posted in Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies

127: Vlad’s Cojones I know we promised to take August off, but I was inspired by the flap over the DNC hack and the fact that I’m at the Aspen Homeland Security Working Group meeting in Colorado. I waylaid two former intelligence community members on the Aspen campus and asked for their views on the… Continue Reading