Cybersecurity & Tech

CYBERCOM Grows Up, Chinese IP Theft, and Apple's Bug Bounty

Paul Rosenzweig
Monday, August 8, 2016, 12:31 PM

A few days at the beach see a number of interesting (and as yet unremarked in Lawfare) cyber items:

Published by The Lawfare Institute
in Cooperation With

A few days at the beach see a number of interesting (and as yet unremarked in Lawfare) cyber items:

CyberCom will become and independent combatant command. "The Obama administration is preparing to elevate the stature of the Pentagon’s Cyber Command, signaling more emphasis on developing cyber weapons to deter attacks, punish intruders into U.S. networks and tackle adversaries such as Islamic State." This will have significant practical impacts -- not the least of which is the reported plan to make future NSA Directors civilian appointees instead of military.

China still stealing American IP. In the "duh ... what did you expect" category: "A new report released today from the Institute for Critical Infrastructure Technology (ICIT) warns that China's five-year plan for the years 2016-2020 is heavily reliant upon the digital theft of Western nations' intellectual property, despite the 2015 Sino-U.S. pact to eliminate cyberattacks against corporate assets. Entitled China's Espionage Dynasty: Economic Death by a Thousand Cuts, the paper looks to paint a comprehensive portrait of China's cyberspy program through the aggregation of reports from the U.S. government, cybersecurity firms and independent sources."

Apple offers bug bounty. Apple was one of the last companies that refused to pay rewards to indpendent researchers who found flaws in their code. No longer. "Apple Inc (AAPL.O) said it plans to offer rewards of up to $200,000 (£152,433) to researchers who find critical security bugs in its products, joining dozens of firms that already offer payments for help uncovering flaws in their products. The maker of iPhones and iPads provided Reuters with details of the plan, which includes some of the biggest bounties offered to date, ahead of unveiling it on Thursday afternoon at the Black Hat cyber security conference in Las Vegas. The program will initially be limited to about two dozen researchers who Apple will invite to help identify hard-to-uncover security bugs in five specific categories." Perhaps they got tired of waiting for the FBI to tell them how it got into the iPhone.

Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.

Subscribe to Lawfare