The US-China Economic and Security Review Commission has issued its annual report. It reminds us that, while press and privacy campaigners have been hyperventilating over US intelligence programs, there are, you know, actual authoritarian governments at work in the United States — breaking into the networks of activists whom they dislike, newspapers whose sources
How NIST’s Cybersecurity Framework Could Reduce Cybersecurity
In my first post about NIST’s draft cybersecurity framework I explained its basic problem as a spur to better security: It doesn’t actually require companies to do much to improve their network security.
My second post argued that the framework’s privacy appendix, under the guise of protecting cybersecurity, actually creates a tough new privacy requirement…
Is NIST turning weak cybersecurity standards into aggressive new privacy regulation?
Following up on my earlier NIST post, it’s fair to ask why I think the NIST Cybersecurity Framework will be a regulatory disaster. After all, as I acknowledged in that post, NIST’s standards for cybersecurity are looking far less prescriptive than business feared. There’s not a “shall” or “should” to be found in NIST’s…
Who’s Afraid of the NIST Cybersecurity Framework?
Business and conservatives have been worried all year about the cybersecurity standards framework that NIST (the National Institute of Standards and Technology) is drafting. An executive order issued early this year, after cybersecurity legislation stalled on the Hill, told NIST to assemble a set of standards to address cyber risks. Once they’re adopted, the order…
The CFAA and the Insider Threat
Last week Rep. Zoe Lofgren introduced “Aaron’s Law,” legislation that would significantly amend the Computer Fraud and Abuse Act (CFAA). The proposed bill, drafted by Rep. Lofgren and Sen. Ron Wyden, is named in honor of the late Aaron Swartz, who took his own life earlier this year while under indictment for CFAA…
Using Attribution to Deter Cyberespionage
Foreign Policy has published my article on how attribution can be used to deter foreign governments’ cyberespionage. Excerpts below:
The Obama-Xi summit in Sunnylands ended without any Chinese concessions on cyber-espionage. This came as no surprise; cyber spying has been an indispensable accelerant for China’s military and economic rise. And though Beijing may someday agree that…
Support for Retribution and Active Defense Increases
Chinese hacking continues to build anger in American business and government circles. As a result, private companies may be encouraged to do more than passively defend their networks, as evidenced by the recent report of a commission headed by two Obama appointees, former US Ambassador to China (and minor GOP Presidential candidate) Jon Huntsman and…
The Question of ‘International Law of Cyberwar’
Will international law and diplomacy limit cyberwar? Those who believe in international “norms” for cyberwar usually argue that cyberattacks on financial institutions are beyond the pale.
For example, Harold Koh has declared the State Department’s view that cyberwarriors “must distinguish military objectives … from civilian objects, which under international law are generally protected from attack.”…
Europe Tries to Catch Up on Cybersecurity
Europe has typically been seen as the world’s leader in protecting privacy (for good or ill). But it has generally lagged behind the US when it comes to cybersecurity. Last month, it began playing catch-up when the European Commission put forth a cybersecurity strategy as well as a proposed Directive on network and information security…
Cyberattacks Ranked As Top Global Threat To US National Security
Ten to fifteen years ago, some of us on this blog (well, both of us) were called fear-mongers, and worse, for trying to raise the alarum about the threat to our security posed by cyberattacks. Times certainly have changed—or at least attitudes. Today, Director of National Intelligence James Clapper, in testimony before the US Senate,…