Header graphic for print
Steptoe Cyberblog

Category Archives: Security Programs & Policies

Subscribe to Security Programs & Policies RSS Feed

Steptoe Cyberlaw Podcast – Interview with Bruce Andrews

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies

Our guest for episode 77 is Bruce Andrews, the deputy secretary of the Commerce Department. Alan Cohn and I pepper Bruce with questions about export controls on cybersecurity technology, stopping commercial cyberespionage, the future of the NIST cybersecurity framework, and how we can get on future cybersecurity trade missions, among other things. In the news… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Annie Antón and Peter Swire

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Episode 76 of the podcast features the power couple of privacy and cybersecurity, Peter Swire and Annie Antón, both professors at Georgia Institute of Technology.  I question them on topics from the USA FREEDOM Act to the enduring gulf between writing law and writing code. In the news roundup, as our listeners have come to… Continue Reading

Encryption: If This is the Best His Opponents Can Do, Maybe Jim Comey Has a Point

Posted in Security Programs & Policies

When industry opposes a new regulation, it can offer many arguments for its position. Here are three. Which one is real? “We share EPA’s commitment to ending pollution,” said a group of utility executives. “But before the government makes us stop burning coal, it needs to put forward detailed plans for a power plant that… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Catherine Lotrionte

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies, Virtual Currency

Our guest commentator for episode 74 is Catherine Lotrionte, a recognized expert on international cyberlaw and the associate director of the Institute for Law, Science and Global Security at Georgetown University.  We dive deep on the United Nations Group of Government Experts, and the recent agreement of that group on a few basic norms for… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Robert Knake

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest for Episode 73 is Rob Knake, currently the Council on Foreign Relations Senior Fellow for Cyber Policy and formerly with DHS, the White House, and the Richard Clarke finishing school for cybersecurity policymakers.  Rob and I are quickly embroiled in disagreement; as usual, I mock the cyberspace “norms” that Rob supports and disagree… Continue Reading

Digital Payments and Currencies: Global Threat or Opportunity?

Posted in Blockchain, Privacy Regulation, Security Programs & Policies, Virtual Currency

On Thursday, April 23, I spoke at the Bretton Woods Committee seminar, “Digital Payments and Currencies: Global Threat or Opportunity?”  The panel discussed the changes digital currencies and payment systems have brought to the market and the disruptive potential of a future in which they may become more conventional. An audio clip of the seminar… Continue Reading

Steptoe Cyberlaw Podcast – Interview with James Baker

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

James Baker, General Counsel of the FBI, is our guest on this week’s podcast. He fearlessly tackles the FBI’s aerial surveillance capabilities, stingrays, “Going Dark,” encryption, and the bureau’s sometimes controversial attribution of cyberattacks.  But he prudently punts on the Hack of the Century, refusing to reveal details of the FBI investigation into the Houston Astros… Continue Reading

New EU Data Protection Law: Are We There Yet?

Posted in International, Privacy Regulation, Security Programs & Policies

EU data protection (privacy) law is changing, albeit slowly.  After three years of intense discussions behind the scenes, the Council, the last of the EU institutions to reveal its hand, has finally managed to adopt a negotiating position on the General Data Protection Regulation or GDPR.  Three-way talks with the Commission and Parliament are confirmed… Continue Reading

Steptoe Cyberlaw Podcast – Interview with David Anderson

Posted in Blockchain, China, Cybersecurity and Cyberwar, Data Breach, PCLOB, Privacy Regulation, Security Programs & Policies, Virtual Currency

Privacy advocates are embracing a recent report recommending that the government require bulk data retention by carriers and perhaps web service providers, exercise extraterritorial jurisdiction over data stored abroad, and expand reliance on classified judicial warrants.  In what alternative universe is this true, you ask?  No need to look far.  That’s the state of the… Continue Reading

Are New York’s BitLicense Rules Good or Bad for Bitcoin?

Posted in Blockchain, Security Programs & Policies, Virtual Currency

It’s only been about a week since New York’s outgoing Superintendent of Financial Services Ben Lawsky released the long-awaited “BitLicense” rules for digital currency businesses operating in New York, but it’s not too early to try to assess the potential impact of those rules on the development of Bitcoin-related businesses and emerging financial technologies. The… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Dan Kaminsky

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest for Episode 70 of the Cyberlaw Podcast is Dan Kaminsky, a famous cybersecurity researcher who found and helped fix a DNS security flaw.  Dan is now the Chief Scientist at WhiteOps, but I got to know him in an unlikely-bedfellows campaign against SOPA because of its impact on DNS security.  Dan and I… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Jason Brown

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest for Episode 69 is Jason Brown, the Assistant to the Special Agent in Charge of the Cyber Intelligence Section at the US Secret Service.  We talk about the Secret Service’s Electronic Crimes Task Forces and their critical role in investigating data breaches affecting financial institutions, retailers and other companies.  We also discuss how… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Julian Sanchez

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guests for Episode 68 include Julian Sanchez, senior fellow at the CATO Institute where he studies issues at the busy intersection of technology, privacy, and civil liberties, with a particular focus on national security and intelligence surveillance. They also include the entire May meeting of ISSA- NOVA, which kindly invited the Cyberlaw Podcast to… Continue Reading

BIS Proposes Cybersecurity Export Control Rule: Significant Changes Possible

Posted in Cybersecurity and Cyberwar, International, Security Programs & Policies

On May 20, 2015, the Department of Commerce Bureau of Industry and Security (BIS) published a proposed rule affecting exports of intrusion software, surveillance systems, and related systems, equipment, software, and components.  The proposed rule provides for new and amended export control classification numbers (ECCNs) for these “cybersecurity items,” resulting in new licensing and reporting… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Dan Geer

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest for Episode 67 is Dan Geer, a legendary computer security commentator and current CISO for In-Q-Tel.  We review Dan’s recommendations for improving computer security, including mandatory reporting of intrusions, liability for proprietary software, striking back at hackers, at least in some ways, and getting the government to purchase and fix vulnerabilities.  We agree… Continue Reading

The Constitutional Future of Section 215

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

Yesterday  I joined the National Constitution Center’s We the People podcast to debate the constitutional future of the Patriot Act’s Section 215 with Jeffrey Rosen, National Constitution Center, Bobby Chesney, Charles I. Francis Professor in Law and Associate Dean for Academic Affairs at the University of Texas School of Law, and Deborah Pearlstein, associate professor of constitutional and international… Continue Reading

Why Bitcoin is Good for Law Enforcement – and Why Law Enforcement is Good for Bitcoin

Posted in Cybersecurity and Cyberwar, Security Programs & Policies, Uncategorized

Most people who’ve heard of “Bitcoin” know it only as a virtual currency sometimes used by criminals.  But there are entrepreneurs, engineers, venture capitalists, and bankers who are betting big on the untapped economic potential of the “blockchain” – the underlying technology that makes Bitcoin run.  In a sense, Bitcoin is just the first “app”… Continue Reading

Steptoe Cyberlaw Podcast – Triple Entente Beer Summit

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, PCLOB, Security Programs & Policies

The Triple Entente Beer Summit was a great success, with an audience that filled the Washington Firehouse loft and a cast that mashed up Lawfare, Rational Security, and the Steptoe Cyberlaw Podcast.  We attribute the podcast’s freewheeling interchange to the engaged audience, our profound respect for each other, and, mostly, the beer. We begin by… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Bruce Schneier

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Episode 65 would be ugly if it weren’t so much fun.  Our guest is Bruce Schneier, cryptographer, computer science and privacy guru, and author of the best-selling Data and Goliath – a book I annotated every few pages of with the words, “Bruce, you can’t possibly really believe this.”  And that’s pretty much how the… Continue Reading

Cyber Risks Facing Health Insurers

Posted in Cybersecurity and Cyberwar, Data Breach, Privacy Regulation, Security Programs & Policies

I recently did a guest a blog for ID Experts regarding the cyber risks facing health insurers in the wake of the Anthem and Premera breaches.  The post, “More Health Insurer Data Breaches Are Coming – What Can You Do to Prepare?,” provides an overview of what other health insurers can do to mitigate their… Continue Reading

Triple Entente Beer Summit

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

I hope you will join us on Thursday, May 7 from 6:00 pm – 9:00 pm for the “Triple Entente Beer Summit” at The Washington Firehouse (1626 North Capitol Street Northwest, Washington, DC).  This live recording of the three podcasts – Steptoe Cyberlaw Podcast, Lawfare Podcast, and Rational Security – will be your chance to meet… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Mary DeRosa

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest for episode 64 of the Cyberlaw Podcast is Mary DeRosa, the chief lawyer for the National Security Council during the early years of the Obama Administration, and now a Distinguished Visitor at Georgetown University Law Center.  We ask Mary to walk us through a hypothetical set of NSC meetings on the Sony breach… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Alan Cohn

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest for episode 63 of the Cyberlaw Podcast is Alan Cohn, former Assistant Secretary for Strategy, Planning, Analysis & Risk in the DHS Office of Policy and a recent addition at Steptoe.  Alan brings to bear nearly a decade of experience at DHS to measure the Department’s growth.  He explains how it has undertaken… Continue Reading