I hope you will join us on Thursday, May 7 from 6:00 pm – 9:00 pm for the “Triple Entente Beer Summit” at The Washington Firehouse (1626 North Capitol Street Northwest, Washington, DC). This live recording of the three podcasts – Steptoe Cyberlaw Podcast, Lawfare Podcast, and Rational Security – will be your chance
cybersecurity
Treasury Sanctions on Cyber Attackers
The executive order allowing the President to impose OFAC sanctions on hackers is good news. I’ve been calling on the government for several years to go beyond attribution to retribution. See, for example, this post from 2012, this Foreign Policy article, and this recent podcast with Juan Zarate. Similar sentiments were expressed …
Why the House Information-Sharing Bill Could Actually Deter Information Sharing
The House Intelligence Committee has now adopted a manager’s amendment to what it’s now calling the “Protecting Cyber Networks Act.” Predictably, privacy groups are already inveighing against it.
I fear that the House bill is indeed seriously flawed, but not because it invades privacy. Instead, it appears to pile unworkable new privacy regulations on
…
How Lawyers Can Deter the Cybertheft of Commercial Secrets
Cyberspies can’t count on anonymity any more.
The United States (and the private security firm Mandiant) stripped a PLA espionage unit of its cover two years ago with a detailed description of the unit’s individual hackers; that report was followed by federal indictments of members of the unit that described them and their activities is…
A Week of Bad News and Good News in Cybersecurity – Here’s What You Need to Know
It was a busy week for companies and government agencies struggling to combat the growing threat of cyber-attacks, with some bad news and some good news. Here’s what you need to know, and how we can help.
What You Need to Know
First, the bad news:
- Lawsuits against Target move forward and lawsuits against Home
…
9/11 Commission Gingerly Embraces “Direct Action” Against Hackers
I’ve long been an advocate for fewer restraints on how the private sector responds to hacking attacks. If the government can’t stop and can’t punish such attacks, in my view the least it could do is not threaten the victims with felony prosecution for taking reasonable measures in self-defense. I debated the topic with co-blogger…
“Fast Eddie” Snowden’s Problem with the Truth
The NBC interview with Edward Snowden was instructive in several ways. He continues to present himself as a reasonable man who tried to stop illegal programs but was left with no option but to go public. But the more closely you listen, especially when he says things that can be checked against the record, the…
Making sense of Bitcoin
With all of the hype and hyperbole surrounding bitcoin and the dizzying array of press coverage, it can be hard for companies to know where to start in evaluating the potential risks involved in making bitcoin a part of their business. Law360 published an article this week in which I make sense of it all…
Time for a change in the cybersecurity paradigm
Earlier today the Wall Street Journal’s Risk and Compliance Journal published an interview with me and Steve Chabinsky from Crowdstrike about cybersecurity. In the interview, Steve and I make the case that the current paradigm for protecting companies against cyberattacks isn’t working, and that fixing it involves focusing on aligning private sector and…
TARGETed for a Breach – and Now TARGETed for Litigation
On Thursday, TARGET announced that it had been the victim of a cyber attack in which hackers stole data on credit and debit cards of as many as 40 million customers who made purchases at the height of the holiday shopping season. The incident was first reported the previous day by the website KrebsOnSecurity.com.…