Cybersecurity and Cyberwar

Cybersecurity should be one of the core parts of business strategies. Strong cybersecurity can help businesses to protect their systems, networks and data from cyberattacks, and to prevent financial loss, reputational damage, and disruption to their operations.

On the occasion of the cybersecurity awareness month, we present some key European Union (EU) cybersecurity laws that

The US has never really had a “cyberczar.” Arguably, though, the UK has. The head of the National Cyber Security Center combines the security roles of NSA and DHS’s CISA. To find out how cybersecurity issues look from that perspective, we interview Ciaran Martin, the first director of the NCSC.

In the news

It’s a story that has everything, except a reporter able to tell it. A hostile state attacking the US power grid is a longstanding and quite plausible national security concern.

The Trump administration was galvanized by the threat, even seizing Chinese power equipment at the port to do a detailed breakdown and then issuing

We interview Jane Bambauer on the failure of COVID-tracking phone apps. She and Brian Ray are the author of “COVID-19 Apps Are Terrible—They Didn’t Have to Be,” a paper for Lawfare’s Digital Social Contract project. It turns out that, despite high hopes, the failure of these apps was overdetermined, mainly by twenty

According to media reports, Russian government hackers have penetrated the systems of thousands of companies across a variety of industries, as well numerous US government agencies. Moreover, what has been publicly reported may be only the tip of the iceberg in terms of both the scope of the attacks’ victims and the attackers’ methodologies. The most recent reporting also suggests that victim companies are not just those that would be of obvious interest to Russian intelligence services. Accordingly, all companies should assess whether they have been affected by this attack, what steps they need to take to remediate those effects, and what legal and contractual obligations they may have to notify government agencies, business partners, customers, and individuals.
Continue Reading The Urgent Need to Assess and Respond to Russian Supply Chain Attacks

Did you ever wonder where all that tech money came from all of a sudden? Turns out, a lot of it comes from online programmatic ads, an industry that gets little attention even from the companies, such as Google, that it made wealthy. That lack of attention is pretty ironic, because lack of attention

On October 5, the US Department of Energy’s Office of Cybersecurity, Energy Security and Emergency Response (CESER) reached a $3 million partnership agreement with the National Institute of Standards and Technology (NIST) in order to “research and develop tools and practices that will strengthen the cybersecurity of the nation’s energy sector and maritime transportation system.”

According to CESER, 40% of all maritime traffic is comprised of energy products, which highlights the importance of addressing cybersecurity risks at seaports and in maritime transportation to safeguard US energy security. In the past several years, the incidence of cyber-intrusions, malware attacks and other dangerous lapses in cybersecurity impacting the maritime and energy sectors has increased tremendously across the globe.

Continue Reading US DOE and NIST Partner to Improve Cybersecurity in Energy, Maritime Transportation Industries

Tomorrow (July 22), please join Steptoe’s Fred Geldon along with Katie Arrington, CISO for the DoD Acquisition Department and other key leaders at the Cybersecurity Maturity Model Certification (CMMC) Academy Virtual Summit. The summit will explore how prime contractors and subcontractors can get ready for CMMC assessment, as well as the international and legal aspects

The big news of the week was the breathtakingly arrogant decision of the European Court of Justice, announcing that it would set the  rules for how governments could use personal data in fighting crime and terrorism.

Even more gobsmacking, the court decided to impose those rules on every government on the planet – except

Our interview is with Bruce Schneier, who has coauthored a paper about how to push security back up the Internet-of-things supply chain: The reverse cascade: Enforcing security on the global IoT supply chain.  His solution is hard on IOT affordability and hard on big retailers and other middlemen, who will face new