Security Programs & Policies

Subscribe to Security Programs & Policies

Brian Egan hosts this episode of the podcast, as Stewart Baker is hiking the wilds of New Hampshire with family. Nick Weaver joins the podcast to discuss the week in ransomware, as DOJ gets serious, and the gangs do too. Justice has a new ransomware task force,  and the gangs have asked  for $50

Our interview is with Mark Montgomery and John Costello, both staff to the Cyberspace Solarium Commission. The Commission, which issued its main report more than a year ago, is swinging through the pitch, following up with new white papers, draft legislative language, and enthusiastic advocacy for its recommendations in Congress, many of

This week we interview Eliot Higgins, founder and executive director of the online investigative collective Bellingcat and author of We Are Bellingcat.

Bellingcat has produced remarkable investigative scoops on everything from Saddam’s use of chemical weapons to exposing the Russian FSB operatives who killed Sergei Skripal with Novichok, and, most impressive, calling a

This episode features an interview with Jason Fagone, journalist and author of The Woman Who Smashed Codes: A True Story of Love, Spies, and the Unlikely Heroine Who Outwitted America’s Enemies. I wax enthusiastic about Jason’s book, which features remarkable research, a plot like a historical novel, and deep insights into what

On February 4, 2021, the New York State Department of Financial Services (NYDFS) released a Cyber Insurance Risk Framework (the Framework) to assist property and casualty insurers in managing their cyber insurance risk. The Framework comes on the heels of an increased demand for cyber insurance coverage from businesses to protect against the growing and ever-changing threat posed by cyberattacks.

To help issuers effectively manage the increased risk associated with issuing cyber insurance policies, the Framework recommends that insurers adopt seven “best practices,” which are discussed in this post.

Continue Reading New York Adopts Cybersecurity Framework for Insurers

This episode features a deep dive into the National Security Agency’s self-regulatory approach to overseas signals intelligence, or SIGINT. Frequent contributor David Kris takes us into the details of the SIGINT Annex that governs NSA’s collections outside the US. It turns out to be a surprising amount of fun as we stop to examine

We interview Jane Bambauer on the failure of COVID-tracking phone apps. She and Brian Ray are the author of “COVID-19 Apps Are Terrible—They Didn’t Have to Be,” a paper for Lawfare’s Digital Social Contract project. It turns out that, despite high hopes, the failure of these apps was overdetermined, mainly by twenty

Our news roundup is dominated by the seemingly endless ways that the US and China can find to quarrel over tech policy.  The Commerce Department’s plan to use an executive order to cut TikTok and WeChat out of the US market have now been enjoined. But the $50 Nick Weaver bet me that TikTok

For the first time in twenty years, the Justice Department is finally free to campaign for the encryption access bill it has always wanted.  Sens. Lindsey Graham (R-S.C.), Tom Cotton (R-Ark.), and Marsha Blackburn (R-Tenn.) introduced the Lawful Access To Encrypted Data Act. (Ars Technica, Press Release) As Nick

Our interview this week is with Chris Bing, a cybersecurity reporter with Reuters, and John Scott-Railton, Senior Researcher at Citizen Lab and PhD student at UCLA. John coauthored Citizen Lab’s report last week on BellTroX and Indian hackers for hire, and Chris reported for Reuters on the same organization’s activities –