Steptoe Cyberblog

Category Archives: Security Programs & Policies

Steptoe Cyberlaw Podcast – Interview with Julian Sanchez

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guests for Episode 68 include Julian Sanchez, senior fellow at the CATO Institute where he studies issues at the busy intersection of technology, privacy, and civil liberties, with a particular focus on national security and intelligence surveillance. They also include the entire May meeting of ISSA-NOVA, which kindly invited the Cyberlaw Podcast to… Continue Reading

BIS Proposes Cybersecurity Export Control Rule: Significant Changes Possible

Posted in Cybersecurity and Cyberwar, International, Security Programs & Policies

On May 20, 2015, the Department of Commerce Bureau of Industry and Security (BIS) published a proposed rule affecting exports of intrusion software, surveillance systems, and related systems, equipment, software, and components.  The proposed rule provides for new and amended export control classification numbers (ECCNs) for these “cybersecurity items,” resulting in new licensing and reporting… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Dan Geer

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest for Episode 67 is Dan Geer, a legendary computer security commentator and current CISO for In-Q-Tel.  We review Dan’s recommendations for improving computer security, including mandatory reporting of intrusions, liability for proprietary software, striking back at hackers, at least in some ways, and getting the government to purchase and fix vulnerabilities.  We agree… Continue Reading

The Constitutional Future of Section 215

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

Yesterday I joined the National Constitution Center’s We the People podcast to debate the constitutional future of the Patriot Act’s Section 215 with Jeffrey Rosen, National Constitution Center, Bobby Chesney, Charles I. Francis Professor in Law and Associate Dean for Academic Affairs at the University of Texas School of Law, and Deborah Pearlstein, associate professor of constitutional and international… Continue Reading

Why Bitcoin is Good for Law Enforcement – and Why Law Enforcement is Good for Bitcoin

Posted in Cybersecurity and Cyberwar, Security Programs & Policies, Uncategorized

Most people who’ve heard of “Bitcoin” know it only as a virtual currency sometimes used by criminals.  But there are entrepreneurs, engineers, venture capitalists, and bankers who are betting big on the untapped economic potential of the “blockchain” – the underlying technology that makes Bitcoin run.  In a sense, Bitcoin is just the first “app”… Continue Reading

Steptoe Cyberlaw Podcast – Triple Entente Beer Summit

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, PCLOB, Security Programs & Policies

The Triple Entente Beer Summit was a great success, with an audience that filled the Washington Firehouse loft and a cast that mashed up Lawfare, Rational Security, and the Steptoe Cyberlaw Podcast.  We attribute the podcast’s freewheeling interchange to the engaged audience, our profound respect for each other, and, mostly, the beer. We begin by… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Bruce Schneier

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Episode 65 would be ugly if it weren’t so much fun.  Our guest is Bruce Schneier, cryptographer, computer science and privacy guru, and author of the best-selling Data and Goliath – a book I annotated every few pages of with the words, “Bruce, you can’t possibly really believe this.”  And that’s pretty much how the… Continue Reading

Cyber Risks Facing Health Insurers

Posted in Cybersecurity and Cyberwar, Data Breach, Privacy Regulation, Security Programs & Policies

I recently did a guest blog for ID Experts regarding the cyber risks facing health insurers in the wake of the Anthem and Premera breaches.  The post, “More Health Insurer Data Breaches Are Coming – What Can You Do to Prepare?,” provides an overview of what other health insurers can do to mitigate their… Continue Reading

Triple Entente Beer Summit

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

I hope you will join us on Thursday, May 7 from 6:00 pm – 9:00 pm for the “Triple Entente Beer Summit” at The Washington Firehouse (1626 North Capitol Street Northwest, Washington, DC).  This live recording of the three podcasts – Steptoe Cyberlaw Podcast, Lawfare Podcast, and Rational Security – will be your chance to meet… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Mary DeRosa

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest for episode 64 of the Cyberlaw Podcast is Mary DeRosa, the chief lawyer for the National Security Council during the early years of the Obama Administration, and now a Distinguished Visitor at Georgetown University Law Center.  We ask Mary to walk us through a hypothetical set of NSC meetings on the Sony breach… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Alan Cohn

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest for episode 63 of the Cyberlaw Podcast is Alan Cohn, former Assistant Secretary for Strategy, Planning, Analysis & Risk in the DHS Office of Policy and a recent addition at Steptoe.  Alan brings to bear nearly a decade of experience at DHS to measure the Department’s growth.  He explains how it has undertaken… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Dmitri Alperovitch

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest for Episode 62 is Dmitri Alperovitch, co-founder and CTO of CrowdStrike Inc. and former Vice President of Threat Research at McAfee.  Dmitri unveils a new CrowdStrike case study in which his company was able to impose high costs on an elite Chinese hacking team.  The hackers steadily escalated the sophistication of their… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Joseph Nye

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest for episode 61 of the Cyberlaw podcast is Joseph Nye, former dean of the Kennedy School at Harvard and three-time national security official for State, Defense, and the National Intelligence Council.  We get a magisterial overview of the challenge posed by cyberweapons, how they resemble and differ from nuclear weapons, and (in passing)… Continue Reading

Treasury Sanctions on Cyber Attackers

Posted in Cybersecurity and Cyberwar, Data Breach, Security Programs & Policies

The executive order allowing the President to impose OFAC sanctions on hackers is good news.  I’ve been calling on the government for several years to go beyond attribution to retribution.  See, for example, this post from 2012, this Foreign Policy article, and this recent podcast with Juan Zarate.  Similar sentiments were expressed in a 2013 report… Continue Reading

Why the House Information-Sharing Bill Could Actually Deter Information Sharing

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

The House Intelligence Committee has now adopted a manager’s amendment to what it’s now calling the “Protecting Cyber Networks Act.”  Predictably, privacy groups are already inveighing against it. I fear that the House bill is indeed seriously flawed, but not because it invades privacy.  Instead, it appears to pile unworkable new privacy regulations on the… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Paul Rosenzweig

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Episode 60 of the Cyberlaw Podcast features Paul Rosenzweig, founder of Red Branch Consulting PLLC and Senior Advisor to The Chertoff Group.  Most importantly he was a superb Deputy Assistant Secretary for Policy in the Department of Homeland Security when I was Assistant Secretary. Paul discourses on the latest developments in ICANN, almost persuading me… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Richard Bejtlich

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Richard Bejtlich is our guest for episode 59 of the Cyberlaw Podcast.  Richard is the Chief Security Strategist at FireEye, an adviser to Threat Stack, Sqrrl, and Critical Stack, and a fellow at Brookings.  We explore the significance of China’s recently publicized acknowledgment that it has a cyberwar strategy, FireEye’s disclosure of a gang using… Continue Reading

How Lawyers Can Deter the Cybertheft of Commercial Secrets

Posted in China, Cybersecurity and Cyberwar, International, Security Programs & Policies

Cyberspies can’t count on anonymity any more. The United States (and the private security firm Mandiant) stripped a PLA espionage unit of its cover two years ago with a detailed description of the unit’s individual hackers; that report was followed by federal indictments of members of the unit that described them and their activities is… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Dr. Andy Ozment

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

In episode 58 of the Cyberlaw Podcast, our guest is Andy Ozment, who heads the DHS cybersecurity unit charged with helping improve cybersecurity in the private sector and the civilian agencies of the federal government.  We ask how his agency’s responsibilities differ from NSA’s and FBI’s, quote scripture to question his pronunciation of ISAO, dig… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Mike Rogers

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

This episode of the podcast features Rep. Mike Rogers, former chairman of the House intelligence committee, Doug Kantor, our expert on all things cyber in Congress, and Maury Shenk, calling in from London.  Mike Rogers is now a nationally syndicated radio host on Westwood One, a CNN national security commentator, and an adviser to Trident… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Siobhan Gorman

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest for Episode 56 of the Cyberlaw Podcast is Siobhan Gorman, who broke many of the top cybersecurity stories for the Wall Street Journal until she left late last year to join the Brunswick Group, which does crisis communications for private companies.  Siobhan comments on the flood of attribution stories in recent days, including… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Nuala O’Connor

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

In Episode 55 of the Cyberlaw Podcast, we revive This Week in NSA to explore the claim that GCHQ stole mass quantities of cell phone encryption keys.  Meanwhile, Jason explains the complex political battles over Rule 41, Michael explains why so many companies have rallied to Twitter’s first amendment claim against the Justice Department, and… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Ben Wittes

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Episode 54 of the Cyberlaw Podcast features a guest appearance by Lawfare’s own Ben Wittes, discussing cybersecurity in the context of his forthcoming book, The Future of Violence, authored by Ben and Gabriella Blum.  (The future of violence, you won’t be surprised to hear, looks bright.)  Ben also floats the idea of taping an episode… Continue Reading