The executive order allowing the President to impose OFAC sanctions on hackers is good news. I’ve been calling on the government for several years to go beyond attribution to retribution. See, for example, this post from 2012, this Foreign Policy article, and this recent podcast with Juan Zarate. Similar sentiments were expressed
cyberattack
How Lawyers Can Deter the Cybertheft of Commercial Secrets
Cyberspies can’t count on anonymity any more.
The United States (and the private security firm Mandiant) stripped a PLA espionage unit of its cover two years ago with a detailed description of the unit’s individual hackers; that report was followed by federal indictments of members of the unit that described them and their activities is…
How Hackers Use Law Firms to Their Advantage
Recently, I was the keynote speaker for City National Bank’s “Cyberespionage: Who Wants Your Data? And What Can You Do About It?,” where I discussed the increased cyberattacks on law firms involved in international mergers and acquisitions.
“Groundhog Day” for Data Breaches
Here we go again. A prominent company suffers a data breach. The company publicly alerts its customers. The company almost immediately finds itself the subject of inquiries from Congress and the target of investigations by regulators. Before long, class action lawyers will crank out complaints as if they’re Mad Libs, filling in the name of…
Time for a change in the cybersecurity paradigm
Earlier today the Wall Street Journal’s Risk and Compliance Journal published an interview with me and Steve Chabinsky from Crowdstrike about cybersecurity. In the interview, Steve and I make the case that the current paradigm for protecting companies against cyberattacks isn’t working, and that fixing it involves focusing on aligning private sector and…
Are You Prepared for a Data Breach?
I recently spoke to mainjustice.com (subscription required) about how companies can help prepare for a data breach in this “blame the victim” environment. The video of that interview can be found here:
Another Takeaway from TARGET: Are you being targeted through your vendors?
Yesterday TARGET announced that the hackers who committed the breach that has potentially affected as many as 110 million customers gained access to its systems through one of its vendors. Although the details are still emerging as the forensic investigation continues, this early report is a reminder that your vendors can be a potential source…
Republican National Committee draws fire for resolution condemning NSA
Almost immediately after the Republican National Committee adopted an error-filled resolution attacking the NSA and its telephone metadata program, current and former GOP officials took a strong stand against the RNC resolution:
[T]he RNC resolution threatens to do great damage to the security of the nation. It would be foolhardy to end the…
TARGETed for a Breach – and Now TARGETed for Litigation
On Thursday, TARGET announced that it had been the victim of a cyber attack in which hackers stole data on credit and debit cards of as many as 40 million customers who made purchases at the height of the holiday shopping season. The incident was first reported the previous day by the website KrebsOnSecurity.com.…
New Controls on Surveillance and Hacking Tools?
The old Cold War export control alliance, now known as the Wassenaar Arrangement, hasn’t exactly been a hotbed of new controls since Russia joined the club. But according to the Financial Times, the 41-nation group is preparing a broad new set of controls on complex surveillance and hacking software and cryptography. I suspect that the…