The U.S. Administration released its new National Cyber Strategy on Thursday, covering a broad number of security-related issues that fall into four main categories, it refers to as ‘pillars’. The first pillar includes securing federal networks and information, securing critical infrastructure, fighting cybercrime and seeking improved incident reporting.  The second ...

On Wednesday, the Department of Defense (DoD) quietly released an unclassified summary and fact sheet on its 2018 Cyber Strategy, which replaces the 2015 DoD Cyber Strategy. Here are ten things you need to know about the new strategy: The cyber strategy is deeply influenced by the National Defense Strategy, ...

The world’s malicious cyber actors -- Russia, China, Iran, and North Korea – have spoiled cyber’s original, idealistic vision and instead use cyberspace to advance competitive interests to undermine Western laws and norms and pursue a clandestine means (cyber theft) to catch up with the West in technology, political influence, ...

A gifted intelligence officer with whom I worked was fond of pronouncing, “A storm is announced by a single breeze”.  That supposed Chinese saying was invariably invoked when we thought we had divined the first hint of our adversary’s intent. The Chinese intelligence storm bearing down on the U.S. has ...

Up Front:  The U.S. government is taking on a more aggressive role in its mission to protect software supply chains from being infiltrated, as the government’s public-private cyber lead agency announces new initiatives to share information and improve response to cyber threats. The Department of Homeland Security announced the launch ...

Bottom Line: In the past decade, Iran’s cyber capabilities have evolved from a tool used to lash out against domestic opponents of the Islamic Republic to a central pillar of its national strategy of holding adversaries at risk and gleaning crucial foreign intelligence. Despite a fall in disruptive Iranian cyberattacks ...

Few would argue that in a world of consistent, emerging cyber threats, the role of the Chief Information Security Officer is one that requires a special kind of calm as well as a steady stream of credible, timely information.  Some of the information that is used to build a strong ...

As details are released about the upcoming summit between the U.S. and Russia, Intelligence Officers are expected to ramp up collection efforts in order to prep the field ahead of talks. “Whenever you’ve got a summit coming up, your intelligence community, and your opponent’s kicks into high gear,” says Cipher ...

In part two of The Cipher Brief’s two-part series on how Russia is building its virtual battlefield, we look at the U.S response to the tools and tactics that the Kremlin is employing and ask whether it’s enough.  Response: The U.S. has responded to Russian activity in cyberspace through diplomatic ...

National security experts agree that the long-term threat China poses to U.S. national security is significant.  It may be hard to see that often as the world focuses on North Korea and Iran and the immigration issue in the U.S., but last week on Capitol Hill, Senator Marco Rubio addressed ...

As the world focuses on the Singapore summit between President Donald Trump and North Korean leader Kim Jong Un, the President’s Treasury Secretary announced sanctions against five Russian entities and three individuals for their ties to Russian cyber activities, prompting some to question the Administration’s mixed signals on Russia over ...

Bottom Line:  The risk posed to U.S. national security by what are believed to be Russian-backed hacking groups, is similar to the October 1962 Cuban Missile Crisis according to Cipher Brief Experts, but different, in that the U.S. has no clear and obvious deterrent this time around. Recent Developments:  The ...

This article has been updated to include comments from Cipher Brief experts. On Monday, the U.S. and UK jointly blamed Moscow for cyber intrusions into the backbone of the internet – the routers and switches that are the gateway for internet access in major corporations and your home office. “Since ...

The United States is in the midst of the most resounding policy shift on cyber conflict, one with profound implications for national security and the future of the internet. The just-released U.S. Cyber Command “vision” accurately diagnoses the current state of cyber conflict and outlines an appropriate new operational model ...

Special Counsel Robert Mueller has released the indictment of 13 Russian nationals and three Russian entities for allegedly interfering in the 2016 presidential election. The indictment charges all of the defendants with conspiracy to defraud the United States, three defendants with conspiracy to commit wire fraud and bank fraud, and ...

The shooting incident at the entrance to the National Security Agency had nothing to do with targeting the intelligence center, and there were no fatalities, a former U.S. official briefed on the incident tells The Cipher Brief. Up to three suspects in an SUV were being chased by police, and ...

After reports that highly classified intelligence material was taken from a NSA contractor’s private computer through the individual’s use of Kaspersky Lab’s antivirus software, all eyes turned to the Moscow-based company’s relationship with Russian intelligence and the Kremlin. As private companies using the antivirus software scramble to assess their exposure, ...

Just as criminals conduct business in the dark allies of cities, they also trade in illicit products such as drugs, guns, and counterfeit documents through online bazaars hidden behind anonymizing technology in a place known as the darknet. Last month, law enforcement agencies led by U.S. and Dutch authorities took ...

On July 20, 2017, U.S. and European law enforcement authorities announced they had jointly taken down two major darknet marketplace sites: AlphaBay and Hansa. These sites, which aspire to operate in the shadows beyond the reach of national and international police forces and organizations, present a significant risk to national ...

No consensus report resulted from the yearlong negotiations of the 5th United Nations Group of Governmental Experts (GGE) on the Developments in the Field of Information and Communications Technologies (ICTs). As the meeting drew to a close in June, the 25 government officials ended their work with a disappointing acknowledgement ...

Unsurprisingly, the fifth UN Group of Governmental Experts (GGE) ran into difficulties that proved fatal. Previous GGEs operated in a more favorable international climate. The substance of the GGE’s work peaked with its 2013 Report and by the end of the 2015 session, it was clear that the GGE format ...

On Friday, Ben Wallace, the Minister of State for Security for the United Kingdom, said in a BBC radio interview the UK government believes a North Korean hacking group was responsible for the “WannaCry” malware attack, which shut down Britain’s National Health Service data system in May. “I obviously can’t ...

In December 2014, while many were still preoccupied with the aftermath of the North Korean cyber attack on Sony Pictures Entertainment, South Korea was in a crisis of its own. An entity identifying itself as an “Anti-Nuclear Power Group” demanded that the country shut down three of its civilian nuclear reactors by ...

As more and more business is conducted online and cyber criminals target in on a very lucrative market, both the public and private sector face increasing cybersecurity risks.  The Cipher Brief sat down with Scott Keoseyan, the leader for Deloitte’s Cyber Threat Analysis and Research Teams, and Keith Brogan, a ...

Whether it’s your phone, your computer, TV, or even a refrigerator, all those connected devices that we depend on in our daily lives have become targets for an ever-growing cadre of cyber criminals.  The Cipher Brief spoke with two Flashpoint officials, Chief Scientist Lance James and Subject Matter Expert Vitali ...

Cyber threats pose a challenge to banks and firms operating in the financial sector, primarily due to the fact that “vulnerability really exists everywhere,” both on the technological side and the business side, says Michael Orozco, Managing Director in Accenture Strategy Security. To help improve security in the financial sector, ...

The Cipher Brief sat down with Steven Grossman, VP of Strategy and Enablement at Bay Dynamics, to discuss the current cyber threat landscape facing the financial sector. According to Grossman, insider threats pose the greatest risk to the global banking industry and that “being able to track, manage, and understand ...

The controversial new movie “Snowden,” which is provocative director Oliver Stone’s take on NSA leaker Edward Snowden, was released in the United States on Friday.   The release of the film, along with his recent departure from Booz Allen Hamilton,  prompted Snowden’s former boss to speak out for the first time ...

The Cipher Brief’s Luke Penn-Hall sat down with Steve Grobman, Intel Fellow and Chief Technology Officer for Intel Security, at the annual Black Hat cybersecurity conference, which took place in early August. Steve discussed how he views the threat from ransomware evolving. The Cipher Brief: How do you see ransomware ...

The Cipher Brief’s Luke Penn-Hall spoke to Tom Parker, Chief Technology Officer for FusionX, at the annual Black Hat cybersecurity conference that took place in early August. Parker shared his view of the threat landscape to Supervisory Control and Data Acqusition (SCADA) systems and other critical industrial infrastructure. The Cipher ...

Hillary Clinton may have dodged an indictment when the FBI announced it would not recommend criminal charges against her for using a private email server while Secretary of State, but the State Department itself took a hit on account of its overall security culture. During the FBI announcement last week ...

It has been a little over a year since the Office of Personnel Management announced that it had been breached. Since that time, the federal government has taken an array of steps to improve its cybersecurity posture and avoid another major breach. The Cipher Brief spoke to John Davis, Vice ...

The Office of Personnel Management (OPM) was the victim of a cyber-attack in 2014.  Hackers (the Chinese are suspected) gained access to OPM’s local-area network on or about May 7, 2014 by stealing credentials and then planting malware and creating a backdoor for exfiltration.  Actual exfiltration of data on background ...

Countering cyber-threats can be difficult, and information sharing has come to be seen as a constructive way to attack the problem. Elaine Lammert, a former Deputy General Counsel with the FBI, spoke with the Cipher Brief about the need for a holistic approach to cybersecurity and the importance of trust ...

Threat intelligence sharing has a complex history within the security industry. The premise is simple: cybercriminals will often launch attacks with similar components, using the same tactics, or even re-use the same malware or exploits over and over again. If every organization was sharing intelligence on the attacks being launched ...

Late last year, the text of the Cybersecurity Information Sharing Act (CISA) found its way into a consolidated spending bill and was signed into law by President Barack Obama on December 18, 2015.  CISA is designed to "improve cybersecurity in the United States through enhanced sharing of information about cybersecurity ...

One of the key lessons of 2015 was that cybersecurity is more important than ever – a lesson that Sony and the Office of Personnel Management learned the hard way. In the wake of these hacks, information sharing has become a very popular way for private companies and the government ...

The CEO of the XYZ Company, which relies on intellectual property for its corporate success, is frightened by increasing cyber attacks against major corporations like Sony and Target. He/She invests millions to enhance the company’s information security by hiring experts and installing the most sophisticated defenses on the market. One ...

President Barack Obama spent much of his last State of the Union address dwelling on domestic issues, but he also pointedly reminded Americans that the United States is the most powerful nation on earth.  Our commander-in-chief acknowledged that it’s still a dangerous world out there but pinned that on failing ...

Discussion and debate about international privacy-related standards have been around since the 1940s, when the recognition of privacy as a basic right was ratified by the United Nations (U.N.) Declaration of Human Rights of 1948.  Since then, the number of data privacy requirements has grown dramatically, as nations seek to ...

How many sites do you log into everyday? Between work email, personal email, Twitter, Facebook, LinkedIn, and all the other accounts the average person has online, the number is probably fairly large. With that in mind, how many passwords do you have? That number is almost certainly smaller. Therein lies ...

Last fall brought news that the victims of the OPM fingerprint breach expanded to over five million prints. It’s for this reason that the safety of biometric data should be questioned and discounted as a viable means for authentication. Multiple techniques are available for using this type of information to ...

As data breaches become more common and cyber-criminals become more adept at stealing personal data, there’s a need to develop better ways to protect people’s identities online. Brett McDowell is the Executive Director of the FIDO Alliance, an organization that develops strong authentication standards to better protect individuals’ digital identities. ...

As the world becomes more connected, people are placing more and more information online. Gary Davis is the Chief Consumer Security Evangelist at Intel Security, and he spoke with the Cipher Brief about the biggest threats to your digital identity – and what you can do to protect yourself. The ...

Estonia packs a punch in the cyber domain. The country is a world leader in cyber-related innovation, and it has charted that course without compromising security. Estonia initially gained global attention as a cyber-target, seeking to overcome a series of organized attacks in 2007 widely attributed to Russian groups.  Estonia ...

As the number of corporate data breaches continues to mount, boards and management teams around the world are justifiably concerned about the reputational risks from mishandling a breach. In the wake of a string of high-profile breaches across a range of sectors, from entertainment and health care to retail and ...

For years, I slept fitfully after a “friend” told me that it wasn’t the noisy mosquitos buzzing in my ears at night that were a problem.  Instead, it was the female mosquitos that made no noise at all but laid eggs in your ears at night.  That image wrecked my ...

Scott Kessler and Eric Rachner are the co-founders of Secure Senses Inc, which provides human intelligence-based cybersecurity services. In an interview with the Cipher Brief, they indicated that “hacking as a service” is on the rise in the Russian hacker community, and that the scale of the problem this represents ...

The Russian government is considered to be one of the most advanced cyber actors globally, with highly sophisticated cyber capabilities on par with the other major cyber powers. Open source information about Russian cyber programs and funding is scarce, but an ultimate goal of the government is to gain information ...

The legacy of the Cold War has left many enduring images in the minds of most Americans, images that are usually associated with Russia and its nuclear arsenal.    But a key threat, from what many believe is the new Cold War, could very well be from Russian hackers. When listing ...