Header graphic for print
Steptoe Cyberblog

Category Archives: Security Programs & Policies

Subscribe to Security Programs & Policies RSS Feed

Steptoe Cyberlaw Podcast – Interview with Alex Joel

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest for Episode 16 of the Steptoe Cyberlaw Podcast is Alex Joel, and he gets plenty of tough questions: Is it a violation of the new Obama administration policy directive for the intelligence community to look for evidence that Vladimir Putin is gay?  How did DNI Clapper manage to make his fateful misrepresentation to… Continue Reading

Retain Locally, Comply Globally

Posted in International, Privacy Regulation, Security Programs & Policies

We used to talk about the “borderless” environment of the Internet.  These days, that view is looking increasingly outmoded and utopian, in large part because of the intersection of law enforcement and privacy concerns.  Steady increases in regulation (and enforcement of existing regulation) in these areas is increasingly prompting two types of responses by global… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Daniel Sutherland

Posted in Cybersecurity and Cyberwar, Data Breach, Security Programs & Policies

In this week’s episode, we explore the latest FOIA tussle between the FBI and ACLU over NSA and the dog-bites-man story of Larry Klayman losing another long-shot appeal. This Week in NSA focuses on the Bloomberg story claiming that the agency is exploiting the Heartbleed flaw. Kudos to NSA for managing to persuasively deny the… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Benjamin Wittes

Posted in Cybersecurity and Cyberwar, Data Breach, Privacy Regulation, Security Programs & Policies

This week’s podcast features a conversation with none other than Lawfare’s own Ben Wittes. But it begins as usual with This Week in NSA: A Reuters story claims that researchers showed something bad about the way NSA influenced the Dual EC encryption standard.  The story glided insouciantly over two of the more newsworthy aspects of… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Michael Allen

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our special guest this week is Michael Allen, former Majority Staff Director of the House intelligence committee.  Mike is the founder of Beacon Global Strategies and the author of Blinking Red, the story of the creation of the Director of National Intelligence. We drag him into the program from the beginning, getting his take on… Continue Reading

Debating Snowden

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

For some reason, debates about Snowden are thick on the ground these days, and I’ve joined a couple of them. The most fun was the Oxford Union, which has been preparing future Parliamentarians (and Prime Ministers) all around the British Commonwealth since 1823. The Oxford Union debate was “This House would call Edward Snowden a… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Jim Lewis

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

This week’s cyberlaw podcast begins as always with the week in NSA. We suspect that a second tech exec meeting with the President (for two hours!) bodes ill for the intelligence community, or at least the 215 metadata program, as does the shifting position of usually stalwart NSA supporters like Dianne Feinstein and Dutch Ruppersberger…. Continue Reading

Steptoe Cyberlaw Podcast – Interview with Dan Novack

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

This week’s podcast covers the latest on NSA.  We mock EFF overriding one of the privacy protections in NSA’s metadata program by killing the 5-year retention limit.  We puzzle over the New York Times story on “raw take.”  What exactly is the news there?  We also ask whether NSA and the telcos will end up… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Mark Weatherford

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

In the latest episode of the Steptoe Cyberlaw Podcast, Jason Weinstein and I cover a host of topics. In the continuing NSA saga, we note the Director’s hints about a possible end to the broad collection of metadata – and the FISA court’s refusal to extend the 5-year retention deadline for NSA’s store of metadata…. Continue Reading

Steptoe Cyberlaw Podcast – Interview with Adam Sedgewick

Posted in Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies

In our ninth episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Michael Vatis, and Jason Weinstein discuss: This week in NSA/Snowden: NSA weighs options for 215 data and the Office of the Director of National Intelligence will not disclose the study of storage options; GCHQ’s webcam captures; Canadian extradition flap; ABA President sends letter to… Continue Reading

Time for a change in the cybersecurity paradigm

Posted in Cybersecurity and Cyberwar, Security Programs & Policies

Earlier today the Wall Street Journal’s Risk and Compliance Journal published an interview with me and Steve Chabinsky from Crowdstrike about cybersecurity. In the interview, Steve and I make the case that the current paradigm for protecting companies against cyberattacks isn’t working, and that fixing it involves focusing on aligning private sector and government resources… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Ed Stroz

Posted in Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies

In our eighth episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Michael Vatis, Jason Weinstein and guest commentators Stephen Heifetz and Stephanie Roy discuss: This week in NSA/Snowden: Law Firm Surveillance Report Cited in Legal Challenge and Report: American law firm’s communications spied on; Merkel Backs Plan to Keep European Data in Europe and EU… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Steve Chabinsky

Posted in Cybersecurity and Cyberwar, Data Breach, Security Programs & Policies

In our seventh episode of the Steptoe Cyberlaw Podcast, Jason Weinstein discusses: This week in NSA: Clapper says Snowden exploited perfect storm of security lapses/Snowden swiped password from NSA coworker; FISA Court backs Pres. Obama’s changes to phone metadata program/government seeking info about private sector’s ability to hold the data; Rand Paul sues Pres. Obama… Continue Reading

Steptoe Cyberlaw Podcast – Interview with John Rizzo

Posted in Cybersecurity and Cyberwar, Data Breach, Privacy Regulation, Security Programs & Policies

In our sixth episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Michael Vatis, and Jason Weinstein discuss: This Week in NSA: Transparency reports disclose Foreign Intelligence Surveillance orders and telephony metadata program is not tracking as much as previously thought Target breach update: hackers got in through HVAC contractor and Senate Judiciary Committee hearing and… Continue Reading

Cyberlaw Podcast – Interview with Ellen Nakashima

Posted in Cybersecurity and Cyberwar, Data Breach, Privacy Regulation, Security Programs & Policies

In our fifth episode of the Steptoe Cyberlaw Podcast, Michael Vatis and Jason Weinstein discuss: Potential talks between the US and Snowden if he pleads guilty Senator Leahy’s view of Privacy and Civil Liberties Oversight Board; calls for end to 215 program during Senate hearing with AG; cyber researchers also call for end to program… Continue Reading

Another Takeaway from TARGET: Are you being targeted through your vendors?

Posted in Data Breach, Security Programs & Policies

Yesterday TARGET announced that the hackers who committed the breach that has potentially affected as many as 110 million customers gained access to its systems through one of its vendors. Although the details are still emerging as the forensic investigation continues, this early report is a reminder that your vendors can be a potential source… Continue Reading

Cyberlaw Podcast – Interview with David Medine

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

In our fourth episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Jason Weinstein, and guest commentator Steptoe partner Chris Conte, discuss: Privacy and Civil Liberties Oversight Board issues report Supreme Court grants cert on cell phone searches incident to arrest SEC’s National Examination Program identifies cybersecurity risk as exam priority Verizon transparency report FTC gets… Continue Reading

Republican National Committee draws fire for resolution condemning NSA

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

Almost immediately after the Republican National Committee adopted an error-filled resolution attacking the NSA and its telephone metadata program, current and former GOP officials took a strong stand against the RNC resolution: [T]he RNC resolution threatens to do great damage to the security of the nation. It would be foolhardy to end the program without… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Chris Inglis

Posted in Cybersecurity and Cyberwar, International, Security Programs & Policies

In our third episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Michael Vatis, and Jason Weinstein discuss the Aereo case that the Supreme Court has decided to hear; share their reactions to the President’s NSA announcement; explain what went on with Apple’s refund of in-app purchases; discuss NIST’s announcement that they would reduce the privacy… Continue Reading

Steptoe Cyberlaw Podcast – Episode Two

Posted in Privacy Regulation, Security Programs & Policies

Welcome to the next installment of the new Steptoe Cyberlaw Podcast. In our second episode, Stewart Baker, Michael Vatis, Jason Weinstein, and guest panelist Stephanie Roy predict what the President may say regarding the NSA; discuss the latest update in the Target and Nieman Marcus breaches; and explain the recent net neutrality decision. Download the… Continue Reading

Is the Congressional Response to the Target Breach Off-Target?

Posted in Data Breach, Security Programs & Policies

In the aftermath of the TARGET breach announced last month, there has been much talk of how to respond to large-scale breaches of this type.  Lawmakers are eager to write legislation to increase the FTC’s enforcement powers and create a national breach notification standard.  But if the congressional response focuses entirely on breach notification and… Continue Reading