Steptoe Cyberblog

Category Archives: Security Programs & Policies

Steptoe Cyberlaw Podcast – Interview with Daniel Sutherland

Posted in Cybersecurity and Cyberwar, Data Breach, Security Programs & Policies

In this week’s episode, we explore the latest FOIA tussle between the FBI and ACLU over NSA and the dog-bites-man story of Larry Klayman losing another long-shot appeal. This Week in NSA focuses on the Bloomberg story claiming that the agency is exploiting the Heartbleed flaw. Kudos to NSA for managing to persuasively deny the… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Benjamin Wittes

Posted in Cybersecurity and Cyberwar, Data Breach, Privacy Regulation, Security Programs & Policies

This week’s podcast features a conversation with none other than Lawfare’s own Ben Wittes. But it begins as usual with This Week in NSA: A Reuters story claims that researchers showed something bad about the way NSA influenced the Dual EC encryption standard.  The story glided insouciantly over two of the more newsworthy aspects of… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Michael Allen

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our special guest this week is Michael Allen, former Majority Staff Director of the House intelligence committee.  Mike is the founder of Beacon Global Strategies and the author of Blinking Red, the story of the creation of the Director of National Intelligence. We drag him into the program from the beginning, getting his take on… Continue Reading

Debating Snowden

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

For some reason, debates about Snowden are thick on the ground these days, and I’ve joined a couple of them. The most fun was the Oxford Union, which has been preparing future Parliamentarians (and Prime Ministers) all around the British Commonwealth since 1823. The Oxford Union debate was “This House would call Edward Snowden a… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Jim Lewis

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

This week’s cyberlaw podcast begins as always with the week in NSA. We suspect that a second tech exec meeting with the President (for two hours!) bodes ill for the intelligence community, or at least the 215 metadata program, as does the shifting position of usually stalwart NSA supporters like Dianne Feinstein and Dutch Ruppersberger…. Continue Reading

Steptoe Cyberlaw Podcast – Interview with Dan Novack

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

This week’s podcast covers the latest on NSA.  We mock EFF overriding one of the privacy protections in NSA’s metadata program by killing the 5-year retention limit.  We puzzle over the New York Times story on “raw take.”  What exactly is the news there?  We also ask whether NSA and the telcos will end up… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Mark Weatherford

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

In the latest episode of the Steptoe Cyberlaw Podcast, Jason Weinstein and I cover a host of topics. In the continuing NSA saga, we note the Director’s hints about a possible end to the broad collection of metadata – and the FISA court’s refusal to extend the 5-year retention deadline for NSA’s store of metadata…. Continue Reading

Steptoe Cyberlaw Podcast – Interview with Adam Sedgewick

Posted in Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies

In our ninth episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Michael Vatis, and Jason Weinstein discuss: This week in NSA/Snowden: NSA weighs options for 215 data and the Office of the Director of National Intelligence will not disclose the study of storage options; GCHQ’s webcam captures; Canadian extradition flap; ABA President sends letter to… Continue Reading

Time for a change in the cybersecurity paradigm

Posted in Cybersecurity and Cyberwar, Security Programs & Policies

Earlier today the Wall Street Journal’s Risk and Compliance Journal published an interview with me and Steve Chabinsky from Crowdstrike about cybersecurity. In the interview, Steve and I make the case that the current paradigm for protecting companies against cyberattacks isn’t working, and that fixing it involves focusing on aligning private sector and government resources… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Ed Stroz

Posted in Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies

In our eighth episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Michael Vatis, Jason Weinstein and guest commentators Stephen Heifetz and Stephanie Roy discuss: This week in NSA/Snowden: Law Firm Surveillance Report Cited in Legal Challenge and Report: American law firm’s communications spied on; Merkel Backs Plan to Keep European Data in Europe and EU… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Steve Chabinsky

Posted in Cybersecurity and Cyberwar, Data Breach, Security Programs & Policies

In our seventh episode of the Steptoe Cyberlaw Podcast, Jason Weinstein discusses: This week in NSA: Clapper says Snowden exploited perfect storm of security lapses/Snowden swiped password from NSA coworker; FISA Court backs Pres. Obama’s changes to phone metadata program/government seeking info about private sector’s ability to hold the data; Rand Paul sues Pres. Obama… Continue Reading

Steptoe Cyberlaw Podcast – Interview with John Rizzo

Posted in Cybersecurity and Cyberwar, Data Breach, Privacy Regulation, Security Programs & Policies

In our sixth episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Michael Vatis, and Jason Weinstein discuss: This Week in NSA: Transparency reports disclose Foreign Intelligence Surveillance orders and telephony metadata program is not tracking as much as previously thought; Target breach update: hackers got in through HVAC contractor and Senate Judiciary Committee hearing and… Continue Reading

Cyberlaw Podcast – Interview with Ellen Nakashima

Posted in Cybersecurity and Cyberwar, Data Breach, Privacy Regulation, Security Programs & Policies

In our fifth episode of the Steptoe Cyberlaw Podcast, Michael Vatis and Jason Weinstein discuss: Potential talks between the US and Snowden if he pleads guilty; Senator Leahy’s view of Privacy and Civil Liberties Oversight Board; calls for end to 215 program during Senate hearing with AG; cyber researchers also call for end to program… Continue Reading

Another Takeaway from TARGET: Are you being targeted through your vendors?

Posted in Data Breach, Security Programs & Policies

Yesterday TARGET announced that the hackers who committed the breach that has potentially affected as many as 110 million customers gained access to its systems through one of its vendors. Although the details are still emerging as the forensic investigation continues, this early report is a reminder that your vendors can be a potential source… Continue Reading

Cyberlaw Podcast – Interview with David Medine

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

In our fourth episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Jason Weinstein, and guest commentator Steptoe partner Chris Conte discuss: Privacy and Civil Liberties Oversight Board issues report; Supreme Court grants cert on cell phone searches incident to arrest; SEC’s National Examination Program identifies cybersecurity risk as exam priority; Verizon transparency report; FTC gets… Continue Reading

Republican National Committee draws fire for resolution condemning NSA

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

Almost immediately after the Republican National Committee adopted an error-filled resolution attacking the NSA and its telephone metadata program, current and former GOP officials took a strong stand against the RNC resolution: [T]he RNC resolution threatens to do great damage to the security of the nation. It would be foolhardy to end the program without… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Chris Inglis

Posted in Cybersecurity and Cyberwar, International, Security Programs & Policies

In our third episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Michael Vatis, and Jason Weinstein discuss the Aereo case that the Supreme Court has decided to hear; share their reactions to the President’s NSA announcement; explain what went on with Apple’s refund of in-app purchases; discuss NIST’s announcement that they would reduce the privacy… Continue Reading

Steptoe Cyberlaw Podcast – Episode Two

Posted in Privacy Regulation, Security Programs & Policies

Welcome to the next installment of the new Steptoe Cyberlaw Podcast. In our second episode, Stewart Baker, Michael Vatis, Jason Weinstein, and guest panelist Stephanie Roy predict what the President may say regarding the NSA; discuss the latest update in the Target and Neiman Marcus breaches; and explain the recent net neutrality decision. Download the… Continue Reading

Is the Congressional Response to the Target Breach Off-Target?

Posted in Data Breach, Security Programs & Policies

In the aftermath of the TARGET breach announced last month, there has been much talk of how to respond to large-scale breaches of this type.  Lawmakers are eager to write legislation to increase the FTC’s enforcement powers and create a national breach notification standard.  But if the congressional response focuses entirely on breach notification and… Continue Reading

Tightening the Screws on Chinese Investment

Posted in China, International, Security Programs & Policies

The Committee on Foreign Investment in the United States, or CFIUS, reviews foreign investments for national security risks. It is now beyond doubt that Chinese investment is getting much closer scrutiny from CFIUS. A total of ten transactions failed to survive review in 2012, according to a just-released Treasury report. That may not sound like… Continue Reading

The Shorter Matt Blaze: NSA Hacking Is OK, As Long As We Take Away Its Best Hacking Tools

Posted in Privacy Regulation, Security Programs & Policies

Matt Blaze, a well-known public cryptographer and NSA critic, offered what seemed like a modest concession in the relentless campaign against NSA intelligence gathering: The NSA’s tools are very sharp indeed, even in the presence of communications networks that are well hardened against eavesdropping. How can this be good news? It isn’t if you’re a… Continue Reading