Armed Conflict
-
Cybersecurity Lessons From the Pandemic, or Pandemic Lessons From Cybersecurity
The Cyber Solarium Commission’s new white paper explores what the coronavirus can teach us about how to prepare for a major cyber attack. But it also highlights cybersecurity principles that would have b... -
Contact-Tracing Apps in the United States
In the U.S., efforts to develop digital contact-tracing systems have largely fallen to states and tech companies—though privacy advocates have voiced concerns about the invasiveness of such apps. -
The Israeli Supreme Court Checks COVID-19 Electronic Surveillance
The court invoked the nondelegation doctrine to require explicit statutory authorization of electronic surveillance.
Congress
-
Last Call at the “Star Wars Bar”: Harmonizing Incident and Breach Reporting Requirements
Policymakers have a golden opportunity to make cyber incident and breach reporting requirements more powerful and effective. -
Congress Invests in National Cyber Resilience but Misses Important Opportunities in the Consolidated Appropriations Act
The new appropriations bill is sound overall, but it addresses only half of the federal government’s cybersecurity mandate. -
The 2022 Cyber Incident Reporting Law: Key Issues to Watch
The new reporting mandate is designed to encourage compliance with the law and increase the quantity and quality of cyber incident reporting
Courts & Litigation
-
Fighting Insider Abuse After Van Buren
A win for civil libertarians does not mean a loss for data owners. -
The Supreme Court Reins In the CFAA in Van Buren
The Supreme Court handed down its first major decision construing the Computer Fraud and Abuse Act last week. The decision is a major victory for those of us who favor a narrow reading of the CFAA. It d... -
Supreme Court Hears Oral Argument in Van Buren v. United States
The arguments about the scope of the Computer Fraud and Abuse Act focused on the statute’s text and purpose—and some interesting hypotheticals.
Criminal Justice & Rule of Law
-
It’s Time to Surge Resources Into Prosecuting Ransomware Gangs
The Justice Department needs a “troop surge” of cyber prosecutors and agents to conduct long-term, proactive investigations into ransomware gangs and the organizations that enable them. -
No Server Left Behind: The Justice Department’s Novel Law Enforcement Operation to Protect Victims
The U.S. Department of Justice recently announced that it undertook a law enforcement operation to remove malware from hundreds of victim systems in the United States. What’s the significance of the move? -
The Case Against EU Cyber Sanctions for the Bundestag Hack
Germany’s request for sanctions against Russia would mark the first time the EU cyber sanctions regime has been invoked. But is it wise for the EU to use that regime in the current case?
Cybersecurity & Tech
-
Can Better Training Reduce the Success Rate of Phishing Attacks?
A review of Arun Vishwanath, “The Weakest Link: How to Diagnose, Detect, and Defend Users From Phishing Attacks” (MIT Press, 2022) -
The Lawfare Podcast: Jim Dempsey and Jonathan Spring on Adversarial Machine Learning and Cybersecurity
Risks associated with the rapid development and deployment of artificial intelligence are getting the attention of lawmakers. But one issue that may not be getting adequate attention by policymakers or b... -
A Federal Cyber Insurance Backstop Is Premature
A cyber backstop is unnecessary because firms conduct online activity regardless of whether insurance is available. Worryingly, a backstop could undermine insurers in incentivizing improved cybersecurity.
Democracy & Elections
-
Recent Additions to Entity List Part of Broader U.S. Effort Targeting Spyware
The Commerce Department’s addition of four entities to the export control Entity List highlights accelerated efforts to target companies providing cyber services to certain foreign governments—especially... -
FBI Warns That Deepfakes Will Be Used Increasingly in Foreign Influence Operations
On Mar. 10, the FBI’s Cyber Division released a Private Industry Notification (PIN) warning that “Malicious actors almost certainly will leverage synthetic content for cyber and foreign influence operati... -
How to Make the National Cyber Director Position Work
It will fall on the incoming Biden administration to implement the new office—and a great deal of hard work lies ahead.
Executive Branch
-
The NDAA Pushes Forward on Cyber Metrics
The spending bill authorizes the Pentagon to create procurement pathways in which software can be purchased in less than a year. If effectively implemented, the change would be dramatic. -
WikiLeaks and the Lost Promise of the Internet
Julian Assange’s arrest was a long time coming. After seven years hiding in Ecuador’s London embassy and a number of false alarms, the WikiLeaks founder was finally evicted from the building and passed t... -
Cybersecurity Fallout From the Partisan Divide Over Russian Election Interference?
A recent Ipsos/Reuters poll found that 56 percent of Americans strongly agree or somewhat agree that Russia interfered in the 2016 election on behalf of Donald Trump. Within that group, only 32 percent o...
Foreign Relations & International Law
-
What Impact, if Any, Does Killnet Have?
Killnet, the pro-Russian hacktivist collective, launched an ineffective DDoS attack on U.S. government websites earlier this month, leaving many to wonder what the purpose of such groups is and what impa... -
CFIUS, Team Telecom and China
What have CFIUS and Team Telecom been up to? -
The White House Responded to the Chinese Hacks of the Microsoft Exchange Servers This Week. Is It Enough?
The Biden administration should be applauded for building a broad coalition of allies to condemn China's dangerous cyber activity. Now, the White House should do what it has done to other U.S. adversarie...
Intelligence
-
DOJ Charges Two Former Twitter Employees with Spying for the Saudis
-
WikiLeaks and the Lost Promise of the Internet
Julian Assange’s arrest was a long time coming. After seven years hiding in Ecuador’s London embassy and a number of false alarms, the WikiLeaks founder was finally evicted from the building and passed t... -
The China SuperMicro Hack: About That Bloomberg Report
According to Jordan Robertson and Michael Riley in Bloomberg Businessweek, China has recently engaged in bulk supply-chain sabotage, corrupting thousands of servers on computers that end up in the server...
States & Localities
-
Cybersecurity Legislation in the House of Representatives
In two earlier posts I’ve focused on some of the particular issues that may arise during the Senate’s consideration of a comprehensive cybersecurity bill. The focus on the Senate is apt, inasmuch as Sen...
Surveillance & Privacy
-
The Fallout From the First Trial of a Corporate Executive for ‘Covering Up’ a Data Breach
The Justice Department should issue guidance to clarify the line between covering up a data breach and merely declining to disclose it. -
Rethinking Responsible Disclosure for Cryptocurrency Security
Cryptocurrency security really is worse than other digital technologies, and there’s a good chance it always will be. -
Apple Client-Side Scanning Takes A Pause
Late on Friday, Apple stated that it would postpone its plans to deploy a system that scanned images on iPhones for child sexual abuse material (CSAM).
Terrorism & Extremism
-
The Dangers of Walling Off America
In my twenty years of government service, I have been part of three Presidential transitions. In my experience, it is common for members of an outgoing administration to be unsure—and sometimes skeptica... -
Hillary Clinton on Encryption as a Problem to be Solved
Yesterday, former Secretary of State Hillary Clinton outlined her national security plan against the Islamic State, speaking at the University of Minnesota in Minneapolis. -
Civil Liability for End-to-End Encryption: Threat or Fantasy? Part II
In the first part of this series, we looked at the question of whether Apple could be held liable in a negligence tort for refusing to retain the ability to provide law enforcement with decrypted communi...
