Steptoe Cyberblog

Tag Archives: cybersecurity

Steptoe Cyberlaw Podcast – Interview with Bruce Andrews

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies

Our guest for episode 77 is Bruce Andrews, the deputy secretary of the Commerce Department. Alan Cohn and I pepper Bruce with questions about export controls on cybersecurity technology, stopping commercial cyberespionage, the future of the NIST cybersecurity framework, and how we can get on future cybersecurity trade missions, among other things. In the news… Continue Reading

Does Your CEO Know What’s Keeping You Up at Night?

Posted in Cybersecurity and Cyberwar, Data Breach

Security Magazine’s Security Talk interviewed us on how we help clients navigate cybersecurity issues.  In the article, “Does Your CEO Know What’s Keeping You Up at Night?,” we discuss how a company’s ability to weather a cyber attack depends in part on the decisions the company makes both before a breach occurs and in the immediate… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Annie Antón and Peter Swire

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Episode 76 of the podcast features the power couple of privacy and cybersecurity, Peter Swire and Annie Antón, both professors at Georgia Institute of Technology.  I question them on topics from the USA FREEDOM Act to the enduring gulf between writing law and writing code. In the news roundup, as our listeners have come to… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Michael Casey

Posted in Blockchain, Cybersecurity and Cyberwar, International, Privacy Regulation

Hip Hop Summit at Graceland: Michael Casey and Digital Money

Bitcoin and the blockchain – how do they work and what do they mean for financial and government services and for consumers? And who holds massive stores of bitcoin that can’t be spent without solving one of the great financial mysteries of our time?  Our… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Catherine Lotrionte

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies, Virtual Currency

Our guest commentator for episode 74 is Catherine Lotrionte, a recognized expert on international cyberlaw and the associate director of the Institute for Law, Science and Global Security at Georgetown University.  We dive deep on the United Nations Group of Government Experts, and the recent agreement of that group on a few basic norms for… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Robert Knake

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest for Episode 73 is Rob Knake, currently the Council on Foreign Relations Senior Fellow for Cyber Policy and formerly with DHS, the White House, and the Richard Clarke finishing school for cybersecurity policymakers.  Rob and I are quickly embroiled in disagreement; as usual, I mock the cyberspace “norms” that Rob supports and disagree… Continue Reading

New EU Data Protection Law: Are We There Yet?

Posted in International, Privacy Regulation, Security Programs & Policies

EU data protection (privacy) law is changing, albeit slowly.  After three years of intense discussions behind the scenes, the Council, the last of the EU institutions to reveal its hand, has finally managed to adopt a negotiating position on the General Data Protection Regulation or GDPR.  Three-way talks with the Commission and Parliament are confirmed… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Dan Kaminsky

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest for Episode 70 of the Cyberlaw Podcast is Dan Kaminsky, a famous cybersecurity researcher who found and helped fix a DNS security flaw.  Dan is now the Chief Scientist at WhiteOps, but I got to know him in an unlikely-bedfellows campaign against SOPA because of its impact on DNS security.  Dan and I… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Julian Sanchez

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guests for Episode 68 include Julian Sanchez, senior fellow at the CATO Institute where he studies issues at the busy intersection of technology, privacy, and civil liberties, with a particular focus on national security and intelligence surveillance. They also include the entire May meeting of ISSA-NOVA, which kindly invited the Cyberlaw Podcast to… Continue Reading

BIS Proposes Cybersecurity Export Control Rule: Significant Changes Possible

Posted in Cybersecurity and Cyberwar, International, Security Programs & Policies

On May 20, 2015, the Department of Commerce Bureau of Industry and Security (BIS) published a proposed rule affecting exports of intrusion software, surveillance systems, and related systems, equipment, software, and components.  The proposed rule provides for new and amended export control classification numbers (ECCNs) for these “cybersecurity items,” resulting in new licensing and reporting… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Dan Geer

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest for Episode 67 is Dan Geer, a legendary computer security commentator and current CISO for In-Q-Tel.  We review Dan’s recommendations for improving computer security, including mandatory reporting of intrusions, liability for proprietary software, striking back at hackers, at least in some ways, and getting the government to purchase and fix vulnerabilities.  We agree… Continue Reading

Steptoe Cyberlaw Podcast – Triple Entente Beer Summit

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, PCLOB, Security Programs & Policies

The Triple Entente Beer Summit was a great success, with an audience that filled the Washington Firehouse loft and a cast that mashed up Lawfare, Rational Security, and the Steptoe Cyberlaw Podcast.  We attribute the podcast’s freewheeling interchange to the engaged audience, our profound respect for each other, and, mostly, the beer. We begin by… Continue Reading

Triple Entente Beer Summit

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

I hope you will join us on Thursday, May 7 from 6:00 pm – 9:00 pm for the “Triple Entente Beer Summit” at The Washington Firehouse (1626 North Capitol Street Northwest, Washington, DC).  This live recording of the three podcasts – Steptoe Cyberlaw Podcast, Lawfare Podcast, and Rational Security – will be your chance to meet… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Alan Cohn

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest for episode 63 of the Cyberlaw Podcast is Alan Cohn, former Assistant Secretary for Strategy, Planning, Analysis & Risk in the DHS Office of Policy and a recent addition at Steptoe.  Alan brings to bear nearly a decade of experience at DHS to measure the Department’s growth.  He explains how it has undertaken… Continue Reading

Treasury Sanctions on Cyber Attackers

Posted in Cybersecurity and Cyberwar, Data Breach, Security Programs & Policies

The executive order allowing the President to impose OFAC sanctions on hackers is good news.  I’ve been calling on the government for several years to go beyond attribution to retribution.  See, for example, this post from 2012, this Foreign Policy article, and this recent podcast with Juan Zarate.  Similar sentiments were expressed in a 2013 report… Continue Reading

Why the House Information-Sharing Bill Could Actually Deter Information Sharing

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

The House Intelligence Committee has now adopted a manager’s amendment to what it’s now calling the “Protecting Cyber Networks Act.”  Predictably, privacy groups are already inveighing against it. I fear that the House bill is indeed seriously flawed, but not because it invades privacy.  Instead, it appears to pile unworkable new privacy regulations on the… Continue Reading

How Lawyers Can Deter the Cybertheft of Commercial Secrets

Posted in China, Cybersecurity and Cyberwar, International, Security Programs & Policies

Cyberspies can’t count on anonymity any more. The United States (and the private security firm Mandiant) stripped a PLA espionage unit of its cover two years ago with a detailed description of the unit’s individual hackers; that report was followed by federal indictments of members of the unit that described them and their activities is… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Siobhan Gorman

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest for Episode 56 of the Cyberlaw Podcast is Siobhan Gorman, who broke many of the top cybersecurity stories for the Wall Street Journal until she left late last year to join the Brunswick Group, which does crisis communications for private companies.  Siobhan comments on the flood of attribution stories in recent days, including… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Ben Wittes

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Episode 54 of the Cyberlaw Podcast features a guest appearance by Lawfare’s own Ben Wittes, discussing cybersecurity in the context of his forthcoming book, The Future of Violence, authored by Ben and Gabriella Blum.  (The future of violence, you won’t be surprised to hear, looks bright.)  Ben also floats the idea of taping an episode… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Alexander Klimburg

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

In this week’s episode of the Cyberlaw Podcast, I take our new mobile recording equipment to Paris to talk about Europe’s cybersecurity directive with Alex Klimburg, of the Hague Institute for Strategic Studies and the Harvard Kennedy School’s Belfer Center.  The directive is in its final stages after a two-year buildup, and the most recent… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Shane Harris

Posted in China, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our interview focuses on Shane Harris and his new book, @War:  The Rise of the Military-Internet Complex.   It’s a good read and a good book, marred by the occasional deployment of easy lefty tropes – government contractors are mercenaries, the military sees war as an opportunity to expand turf, cybersecurity is a threat to privacy,… Continue Reading

A Week of Bad News and Good News in Cybersecurity – Here’s What You Need to Know

Posted in Cybersecurity and Cyberwar, Data Breach, Security Programs & Policies

It was a busy week for companies and government agencies struggling to combat the growing threat of cyber-attacks, with some bad news and some good news.  Here’s what you need to know, and how we can help.

What You Need to Know

First, the bad news: Lawsuits against Target move forward and lawsuits against Home… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Troels Oerting

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Our guest for the week is Troels Oerting, the head of EC3, Europe’s new cybercrime coordination center.  He talks about EC3’s role in the recent take down of over 400 darknet sites, arrests of travelers using fake credit cards and of users of the Blackshades Remote Access Tool.  He repeats his view that there are… Continue Reading

Steptoe Cyberlaw Podcast – Interview with Orin Kerr

Posted in Cloud Computing, Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

We share the program this week with Orin Kerr, a regular guest who knows at least as much as we do about most of these topics and who jumps in on many of them.  Orin, of course, is a professor of law at George Washington University and well-known scholar in computer crime law and Internet surveillance…. Continue Reading