Countering cyber-threats can be difficult, and information sharing has come to be seen as a constructive way to attack the problem. Elaine Lammert, a former Deputy General Counsel with the FBI, spoke with the Cipher Brief about the need for a holistic approach to cybersecurity and the importance of trust ...

Threat intelligence sharing has a complex history within the security industry. The premise is simple: cybercriminals will often launch attacks with similar components, using the same tactics, or even re-use the same malware or exploits over and over again. If every organization was sharing intelligence on the attacks being launched ...

Late last year, the text of the Cybersecurity Information Sharing Act (CISA) found its way into a consolidated spending bill and was signed into law by President Barack Obama on December 18, 2015.  CISA is designed to "improve cybersecurity in the United States through enhanced sharing of information about cybersecurity ...

One of the key lessons of 2015 was that cybersecurity is more important than ever – a lesson that Sony and the Office of Personnel Management learned the hard way. In the wake of these hacks, information sharing has become a very popular way for private companies and the government ...

The CEO of the XYZ Company, which relies on intellectual property for its corporate success, is frightened by increasing cyber attacks against major corporations like Sony and Target. He/She invests millions to enhance the company’s information security by hiring experts and installing the most sophisticated defenses on the market. One ...

President Barack Obama spent much of his last State of the Union address dwelling on domestic issues, but he also pointedly reminded Americans that the United States is the most powerful nation on earth.  Our commander-in-chief acknowledged that it’s still a dangerous world out there but pinned that on failing ...

Discussion and debate about international privacy-related standards have been around since the 1940s, when the recognition of privacy as a basic right was ratified by the United Nations (U.N.) Declaration of Human Rights of 1948.  Since then, the number of data privacy requirements has grown dramatically, as nations seek to ...

How many sites do you log into every day? Between work email, personal email, Twitter, Facebook, LinkedIn, and all the other accounts the average person has online, the number is probably fairly large. With that in mind, how many passwords do you have? That number is almost certainly smaller. Therein lies ...

Last fall brought news that the victims of the OPM fingerprint breach expanded to over five million prints. It’s for this reason that the safety of biometric data should be questioned and discounted as a viable means for authentication. Multiple techniques are available for using this type of information to ...

As data breaches become more common and cyber-criminals become more adept at stealing personal data, there’s a need to develop better ways to protect people’s identities online. Brett McDowell is the Executive Director of the FIDO Alliance, an organization that develops strong authentication standards to better protect individuals’ digital identities. ...

As the world becomes more connected, people are placing more and more information online. Gary Davis is the Chief Consumer Security Evangelist at Intel Security, and he spoke with the Cipher Brief about the biggest threats to your digital identity – and what you can do to protect yourself. The ...

As the number of corporate data breaches continues to mount, boards and management teams around the world are justifiably concerned about the reputational risks from mishandling a breach. In the wake of a string of high-profile breaches across a range of sectors, from entertainment and health care to retail and ...

Estonia packs a punch in the cyber domain. The country is a world leader in cyber-related innovation, and it has charted that course without compromising security. Estonia initially gained global attention as a cyber-target, seeking to overcome a series of organized attacks in 2007 widely attributed to Russian groups.  Estonia ...

For years, I slept fitfully after a “friend” told me that it wasn’t the noisy mosquitos buzzing in my ears at night that were a problem.  Instead, it was the female mosquitos that made no noise at all but laid eggs in your ears at night.  That image wrecked my ...

Scott Kessler and Eric Rachner are the co-founders of Secure Senses Inc, which provides human intelligence-based cybersecurity services. In an interview with the Cipher Brief, they indicated that “hacking as a service” is on the rise in the Russian hacker community, and that the scale of the problem this represents ...

The Russian government is considered to be one of the most advanced cyber actors globally, with highly sophisticated cyber capabilities on par with the other major cyber powers. Open source information about Russian cyber programs and funding is scarce, but an ultimate goal of the government is to gain information ...

The legacy of the Cold War has left many enduring images in the minds of most Americans, images that are usually associated with Russia and its nuclear arsenal. But a key threat, from what many believe is the new Cold War, could very well be from Russian hackers. When listing ...

In 2016, the gap between threat actors and the cybersecurity industry will continue to expand. The security industry continues to fight the cyber battles with strategies that are 10 years old, while threat actors change their strategies on a monthly basis. This situation isn’t given the attention it desperately requires. ...

With the proliferation of many advanced security tools, enterprise and C-Suite managers have recently turned to deploying the most fashionable, powerful, and popular tools on the market, bolstering their defense capabilities and impressing shareholders. The story is typical: A CIO or CISO is lured by clever marketing gimmicks or a ...

Large businesses in the United States are putting substantial resources into protecting their information from cybersecurity threats. As a result, they are tougher targets for malicious attacks, so hackers and cyber criminals are now focusing their unwanted attention on smaller, less secure businesses. Small businesses have money and information of ...

Justin Zeefe is a co-founder and Chief Strategy Officer for the Nisos Group.  Zeefe spoke with The Cipher Brief about the evolving cyber-threat and how smaller businesses can best protect themselves. His main advice?  Make cybersecurity a priority and be proactive about protecting your assets. The Cipher Brief: It seems ...

Few businesses today would think of operating without liability, property, or workers’ compensation insurance and yet, according to a recent survey by CSO magazine, only 59 percent of organizations have some form of cybersecurity insurance. Part of the problem is that cybersecurity insurance continues to be a maturing market that ...

Davis Hake is the Director of Cybersecurity Strategy for Palo Alto Networks and a former official at the Department of Homeland Security.  Hake spoke with The Cipher Brief about the importance of information sharing and creating a coordinated response to the changing cyber-threat. The Cipher Brief: It seems like cyber-attacks ...

Periodically, The Cipher Brief profiles an up-and-coming leader in the cybersecurity and national security fields. This week we introduce you to Angela Knox, the Senior Engineering Director at Cloudmark, a network security company. Computer Business Review recently named Knox as one of the five top women leading the ...

Chris Young is the general manager of the Intel Security Group at the Intel Corporation, where he leads the company’s security practice. Young sat down with The Cipher Brief to discuss the evolving nature of the cyber threat and what businesses can do to better protect themselves. The Cipher Brief: ...

Cybersecurity has not only dominated the headlines in the wake of the U.S. Office of Personnel Management (OPM) and Sony hacks, it has become a big business opportunity as well. The demand for protection in the cyber domain is rising across the world. According to current projections, cybersecurity firms can ...

To understand what domestic and strategic factors may have encouraged Iran to seek stronger cyber-capabilities, it helps to look at the several ways Iran uses such capabilities. First, Iran wants to keep its citizens under surveillance. Second, Iran wants to know the intentions and capabilities of other countries. Third, Iran ...

Iranian hacks into the social media accounts of U.S. State Department officials are the latest signal from Tehran that it is not looking to turn the page on its embattled relationship with Washington. They also reflect the diversification underway in Iranian cyberwarfare tactics, which in recent years have expanded from ...

Iran is a second tier cyber power. By the standards of other state actors, its capabilities—both offensive and defensive—are relatively modest, but they are growing steadily. Cyber operations have also become an integral component of Iranian military doctrine and strategy, which place a heavy emphasis on the principles of asymmetry ...

Through a series of attacks over the last three years, Iran has revealed a limited offensive cyber capability but a willingness to use it to meet its geopolitical goals. In testimony calling out Iran for attacks on Sands Casinos, Director of National Intelligence James Clapper put Iranian cyber capability in ...

The U.S.-China summit has concluded and the announced results provided little good news on the cyber front, at least for us. Beijing certainly got what it wanted: no executive order sanctions against its officials and companies for benefitting from its planetary-scale cyber espionage campaign.  The Obama Administration apparently got what ...

The safe harbour was a convenient fiction that enabled business-as-usual processes to take place between the EU and the U.S. Many were shocked when the Court of Justice of the European Union (CJEU) ruled it invalid, but in reality, the judgment should not have come as a surprise. The reasoning ...

The U.S. technology sector received a surprise jolt in October when the European Court of Justice struck down the Safe Harbor Framework, setting off a scramble to accommodate this sudden shift in privacy regulations. The framework was established in 2000 to provide guidance on how companies could transfer customer information ...

The European Union and the United States have been close allies for decades and "partners of first resort," to use the words of both former Secretary of State Hillary Clinton and current Secretary of State John Kerry. We are the largest trading bloc in the world and the primary destination ...

Twelve days after the Paris attacks, I was waiting for a flight at London's Heathrow Airport, which seemed to be running with its customary sedate orderliness despite Brussels being on "lockdown" and police raids still taking place in Paris and Belgium.  While checking online for the latest developments in the ...

You would probably be surprised to know what a logistical feat it is to manufacture a smart phone. The base materials are mostly silicon, plastic, iron, aluminum, copper, lead, zinc, tin, and nickel. There are also a number of rare earth elements that are present in small amounts but are ...

Joe Jarzombek, a cybersecurity expert at the Department of Homeland Security, recently participated in the 2015 SSCA (Software and Supply Chain Assurance) Winter Working Group Session, which focused on improving cooperation between government and industry in the area of information and communication technology assurance. The Cipher Brief spoke with Jarzombek ...

Over the past several decades, quality, health and safety, and environmental issues have topped the list of supply chain concerns. However, increasingly two issues are rising to the fore of the agenda for multinationals working with third parties across the globe. According to the PwC 2015 State of Compliance Survey, ...

Critical infrastructure organizations have large and complex IT networks built on top of an assortment of heterogeneous technologies.  Many large enterprises also extend their in-house IT assets to an external web of connected business partners, customers, outsourcers, and suppliers.  This multifaceted amalgamation of participants is sometimes known as the cyber ...

Nearly a year ago, we witnessed an act of cyber destruction directed against the networks of Sony Pictures Entertainment.  The destruction was serious and somewhat unprecedented – frozen computers, leaked proprietary and personal information accompanied by threats against movie theaters.   After the attack came an argument about attribution—whodunit?—lasting several weeks ...

At the Department of Homeland Security (DHS), Caitlin Durkovich leads the Department’s efforts to strengthen public-private partnerships and coordinate programs to protect the nation’s critical infrastructure, assess and mitigate risk, build resilience, and strengthen incident response and recovery.  She spoke with The Cipher Brief about what DHS is doing to ...

As a senior advisor to two U.S. Presidents, Melissa Hathaway helped develop U.S. cybersecurity policies. She currently is the President of Hathaway Global Strategies, and a senior advisor for the Cyber Security Project at Harvard. Hathaway spoke with The Cipher Brief about how critical infrastructure sectors need to be prioritized ...

Ralph Langner is co-founder of the Langner Group, an independent cyber defense consultancy, and has a quarter of a century of experience working on cybersecurity issues that impact critical infrastructure. Langner spoke with The Cipher Brief about how the threats facing our nation’s critical infrastructure have evolved, and what needs to be ...

The debate about “Going Dark” has reignited following the tragic attacks in Paris last week. There have been claims the terrorists used encrypted communications to coordinate their attack and avoid detection by intelligence services – creating what is, essentially, the worst case scenario envisioned by advocates for government access to encrypted ...

205 Days. 69 Percent. $3.8 Million. These are important numbers that incident response company Mandiant highlights in their 2015 M-Trends Threat Report and the Ponemon Institute identifies in their 2015 Cost of Data Breach Study: Global Analysis report. Why are they important? 205 days is the median time between a ...

Jim Aldridge is a Director at Mandiant, a FireEye company, and focuses on incident response. Aldridge spoke with the Cipher Brief about the evolving cyber-threat, and what to do if you get hacked. The Cipher Brief: Are cyber attacks becoming more common, and what explains the rise in these incidents? Jim ...

Mayer Brown provides legal services to organizations across the globe and recently released a report entitled Preparing For and Responding to a Computer Security Incident: Making the First 72 Hours Count. The authors of the report, Marcus Christian and Stephen Lilley, spoke with the Cipher Brief about the key elements of ...

Does your organization have a cybersecurity program in place with the primary objective of proactively identifying and managing the cyber threats that you face every day?  Many enterprises harbor cybersecurity blind spots that leave them feeling unprepared amid a cyber incident. As threats continue to mount, organizations are responding by ...

Despite the concerns of privacy advocates, the Senate has passed cybersecurity legislation, creating a process for the government and private industry to share information on cyber attacks. The Cybersecurity Information Sharing Act (CISA) was overwhelmingly approved by a 74-21 vote on Tuesday. It must now be reconciled with two similar ...

The emerging world of ever-growing connectivity, cybersecurity, and cyber-threats has initiated an uncontrolled transformation in the balance of global superpowers. The old notion of power relying on the number of aircraft and missiles a country owns has expanded to include new terms—terms such as the magnitude of a denial of ...