Steptoe Cyberblog

Tag Archives: cybersecurity

Steptoe Cyberlaw Podcast – Bonus Episode – Interview with Charles Allen and John McLaughlin

Posted in Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies

127: Vlad’s Cojones

I know we promised to take August off, but I was inspired by the flap over the DNC hack and the fact that I’m at the Aspen Homeland Security Working Group meeting in Colorado. I waylaid two former intelligence community members on the Aspen campus and asked for their views on the… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Ed Hammersla and Brian White

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Episode 126 – The podcast goes to the conventions

If Vladimir Putin can do it, so can we. This week the podcast dives deep into the US presidential campaign. I of course talk with Maury Shenk about evidence that the Russians are behind “Guccifer 2.0” and the DNC data leak – aided by a Wikileaks… Continue Reading

New “Insider Threat” Programs Required for Cleared Contractors

Posted in Security Programs & Policies

On May 18, 2016, the Department of Defense published “Change 2” to the National Industrial Security Program Operating Manual (NISPOM) that requires contractors to establish and maintain a program to detect, deter and mitigate insider threats by November 30, 2016.  Although cleared contractors are already obligated to protect classified information to which they have access,… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Jeremy and Ariel Rabkin

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

In the news roundup, Michael Vatis covers Microsoft’s surprising Second Circuit victory over the Justice Department in litigation over a warrant for data stored in Ireland.  The hidden issue in that case was data localization – the same issue driving the Justice Department’s new legislative proposal to allow foreign nations to obtain information from US… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Congressman Will Hurd (R-TX)

Posted in Cybersecurity and Cyberwar, International

What’s the difference between serving in Congress and spying in the back alleys of a Middle Eastern bazaar? Why not ask the one Congressman who’s done both – Rep. Will Hurd (R-TX). He also has cybersecurity chops from his career in industry, so he makes the perfect guest for episode 124a of the podcast. Just running through… Continue Reading

Steptoe Cyberlaw Podcast – News Round-Up

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

This week’s news roundup is dominated by the Ninth Circuit and the European Union. The EU parliament has approved the Privacy Shield that replaces the Safe Harbor. Michael Vatis, Alan Cohn and I ask whether companies should seek protection under what may prove to be a pretty leaky Shield. And the EU has approved cybersecurity… Continue Reading

Steptoe Cyberlaw Podcast – News Round-Up

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Edward Snowden criticizes Russia’s mass surveillance law, and a Russian official retaliates by outing him ‒ as a Russian intelligence source.  Silent Circle, the phone company that built its marketing on fear and loathing of the NSA, is nearing bankruptcy. And members of the dominant European Parliament faction are asking the Commission, “Hey! How come… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Fred Kaplan

Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

Was Iran’s cyberattack that bricked vast numbers of Saudi Aramco computers justified by a similar attack on the National Iranian Oil Company a few months earlier?  Does NSA have the ability to “replay” and attribute North Korean attacks on companies like Sony? And how do the last six NSA directors stack up against each other? … Continue Reading

Steptoe Cyberlaw Podcast – News Round-Up with Paul Rosenzweig

Posted in Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies

European hypocrisy on data protection is a lot like the weather.  Everyone complains about it but no one does anything about it.  Until today. In episode 120, we announce the launch of the Europocrisy Prize.  With the support of TechFreedom, we’re seeking tax deductible donations for a prize designed to encourage the proliferation of Schrems-style litigation,… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Kevin Kelly

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest for episode 119 is Kevin Kelly, founding executive editor of Wired Magazine and author of The Inevitable: Understanding the 12 Technological Forces that will Shape our Future.  Kevin and I share many views – from skepticism about the recording industry’s effort to control their digital files to a similar skepticism about EFF’s effort… Continue Reading

FAR Council Issues Rule on Basic Safeguarding of Covered Contractor Information Systems

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

On May 16, four years after issuing a proposed rule, the FAR Council issued a final cybersecurity-related rule that reaches deep into the supply chain and is applicable to virtually all government contractors and subcontractors.  The rule establishes a new FAR subpart 4.19 and a clause 52.204-21, both of which are entitled “Basic Safeguarding of Covered… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Patrick Gray

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest, Patrick Gray, is the host of the excellent Risky Business security podcast.  He introduces us to the cybersecurity equivalent of decapitation by paper cut and offers a technologist’s take on multiple policy and legal issues.  In the news roundup, Michael explains the many plaintiff-friendly rulings obtained by the banks suing Home Depot over… Continue Reading

Cyber-Liability Insurance and the Retroactive Date Exclusion

Posted in Data Breach

Our colleague, Stephen O’Donnell, authored a blog post published by The D&O Diary.  In it, he discusses two particular standard features of cyber liability insurance policies, the retroactive date and policy inception date exclusions, and the potential for these exclusions to preclude coverage for the very kind of exposures that are the reasons most purchasers buy… Continue Reading

Steptoe Cyberlaw Podcast – Interview with General Hayden

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies, Virtual Currency

Our guest for episode 114 is General Michael Hayden, former director of the NSA and CIA; he also confirms that he personally wrote every word of his fine book, Playing to the Edge: American Intelligence in the Age of Terror.   In a sweeping interview, we cover everything from Jim Comey’s performance at the AG’s hospital… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Patrick Henry, Dan Kaminsky, Kiran Raj, and Dr. Zulfikar Ramzan

Posted in China, Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

No holds are barred as a freewheeling panel of cryptographers and security pros duke it out with me and the Justice Department over going dark, exceptional access, and the Apple-FBI conflict.  Among the combatants:  Patrick Henry, a notable cryptographer with experience at GCHQ, NSA, and the private sector; Dan Kaminsky, the Chief Scientist at White Ops;… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Eric Jensen

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

European news and sensibilities dominate episode 112.  I indulge in some unseemly gloating about Europe’s newfound enthusiasm for the PNR data it wasted years of my life trying to negotiate out of the US counterterrorism toolbox.  I pester our guest, Eric Jensen, about his work on the Tallinn 2.0 manual covering the law of cyberwar;… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Suzanne Spaulding

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Just how sophisticated are the nations planning and carrying out cyberattacks on electric grids?  Very, is the short answer.   Our guest for episode 111, Suzanne Spaulding, DHS’s Under Secretary for the National Protection and Programs Directorate, lays out just how much planning and resources went into the attack on Ukraine’s grid, what it means for… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Susan Munro and Ying Huang

Posted in China, Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

Steptoe recently held a client briefing in its Palo Alto office to update developments in the Chinese legal and regulatory that are impacting US technology companies operating in China.  I took advantage of the event to sneak in a quick discussion with Susan Munro and Ying Huang of Steptoe’s China practice, on how China is… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Adam Segal

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

What kind of internet world order does China want, and will it succeed?  That’s the question we ask Adam Segal, Maurice R. Greenberg Senior Fellow at the Council on Foreign Relations and author of The Hacked World Order.  We review China’s surprising success at getting tech companies to help it build an authoritarian Internet –… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Phil Reitinger

Posted in Cybersecurity and Cyberwar, Security Programs & Policies

In bonus episode 106, Stewart and Alan interview Phil Reitinger, former DHS Deputy Undersecretary for Cybersecurity and Sony Corporation CISO and current Director of the new Global Cyber Alliance, making up for the famous “lost episode” that Stewart and Alan recorded with Phil on the sidelines of the RSA Conference (“The best interview I ever… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Robin Weisman and Peter Van Valkenburgh

Posted in Blockchain, China, Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies, Virtual Currency

Doing our best to avoid turning this into the Applelaw podcast, episode 105 begins with Maury Shenk unpacking the new US-EU Privacy Shield details.  His take: more hassles for companies accused of noncompliance, more detailed privacy disclosures and compliance obligations for most members, and a modicum of pain for the intelligence community, but it’s still… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Jim Lewis

Posted in China, Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & Policies

Live from RSA, it’s episode 104, with special guest Jim Lewis, CSIS’s renowned cybersecurity expert and Steptoe’s own Alan Cohn.  We do an extended news roundup before an RSA audience that yields several good questions for the panel.  We had invited Bruce Sewell, Apple’s General Counsel, to participate, but he didn’t show.  So we felt… Continue Reading

Steptoe Cyberlaw Podcast – Hostfull II

Posted in Cybersecurity and Cyberwar, Data Breach, Privacy Regulation, Security Programs & Policies

Due to technical difficulties, the interview for the 103rd episode will be released as a separate post next week.   In the news roundup, we explore Apple’s brief against providing additional assistance to the FBI in its investigation of the San Bernardino killings.  Michael Vatis finds good and bad in the brief – some entirely plausible arguments… Continue Reading